[32734] in Kerberos
Re: apache virtual hosts and keytabs
daemon@ATHENA.MIT.EDU (Thomas LaPorte)
Wed Sep 29 17:14:42 2010
From: Thomas LaPorte <thomas.laporte@dreamworks.com>
In-Reply-To: <i7q7tq$h7j$1@dough.gmane.org>
Mime-Version: 1.0 (iPhone Mail 8A306)
Date: Mon, 27 Sep 2010 07:36:03 -0700
Message-ID: <7873215651444795852@unknownmsgid>
To: Nikolay Shopik <shopik@inblock.ru>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
What we ended up doing was creating virtual IP addresses for each
virtual host. It was the only way we could get it to work correctly
because, as I recall, it was the only way to get the server to reply
with the same hostname as that which the client had requested.
This was our experience, though bear in mind that we initially did
this setup several years ago, so things *may* have changed.
- Tom
Thomas A. La Porte
DreamWorks Animation
On Sep 27, 2010, at 6:58 AM, Nikolay Shopik <shopik@inblock.ru> wrote:
> Hi,
>
> I wounder how correctly generate keytabs for virtual hosts in Apache?
> From what I read, most cases suggest create keytab for HTTP/hostname
> where is hostname is actual hostname of machine not virtual hostname.
> Error logs show these messages:
> gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
> may provide more information (, )
>
> I've tried to generate keytab for virtual hostname only, this is of
> course not work.
> gss_acquire_cred() failed: Unspecified GSS failure. Minor code may
> provide more information (, Key table entry not found)
> if I change hostname to match virtualhost everything start working just
> fine.
>
> So what configuration I need to make virtual hosts to work with Kerberos?
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
