[31100] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Principal for Apache httpd vhost

daemon@ATHENA.MIT.EDU (Richard E. Silverman)
Mon May 11 15:30:22 2009

From: "Richard E. Silverman" <res@qoxp.net>
Date: Mon, 11 May 2009 14:34:05 -0400
Message-ID: <m2y6t3xzdu.fsf@darwin.oankali.net>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

>>>>> "Frank" == Frank Gruellich <frank.gruellich@navteq.com> writes:

    Frank> Hi, I have a Linux server which is named goofy (as in the
    Frank> output of hostname command) with full qualified hostname
    Frank> goofy.example.com (as indicated by hostname -f on the server
    Frank> itself).  DNS has an A record pointing from goofy.example.com
    Frank> to 191.168.0.123, including reverse lookup (dig confirms this,
    Frank> even at other machines).  This server runs an Apache httpd with
    Frank> several vhosts configured, one of them www.example.com.  This
    Frank> is configured to use mod_auth_kerb for authentication.  A CNAME
    Frank> www.example.com is pointing to goofy.example.com.

    Frank> Which principal do I add to the KDC database and export to
    Frank> mod_auth_kerb's keytab?  Howtos suggest to use the full
    Frank> qualified hostname, eg. HTTP/goofy.example.com@EXAMPLE.COM.
    Frank> However, browsers have different opinions about that.
    Frank> Firefox/Seamonkey (I guess all Gecko based browsers) on Linux
    Frank> use HTTP/goofy.example.com@EXAMPLE.COM.  Safari on Apples Mac
    Frank> OSX requests HTTP/www.example.com@EXAMPLE.COM from KDC.
    Frank> Firefox on Mac OSX behaves like the Linux version.  I don't
    Frank> have more browsers available right now, but I will test others.

    Frank> What is the correct behavior and configuration?  Thanks for
    Frank> your help.

try setting dns_fallback=yes in /Library/Preferences/edu.mit.Kerberos

    Frank> Kind regards, -- Navteq (DE) GmbH Frank Gruellich Map24 Systems
    Frank> and Networks

    Frank> Duesseldorfer Strasse 40a 65760 Eschborn Germany

    Frank> Phone: +49 6196 77756-414 Fax: +49 6196 77756-100

    Frank> USt-ID-No.: DE 197947163 Managing Directors: Thomas Golob,
    Frank> Alexander Wiegand, Hans Pieter Gieszen, Martin Robert Stockman



-- 
  Richard Silverman
  res@qoxp.net

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
home help back first fref pref prev next nref lref last post