[32735] in Kerberos


Re: apache virtual hosts and keytabs

daemon@ATHENA.MIT.EDU (Vlad)
Wed Sep 29 17:15:22 2010

From: Vlad <vladistan@gmail.com>
Date: Mon, 27 Sep 2010 12:29:05 -0700 (PDT)
Message-ID: <2be9b04f-899f-42ed-a31b-8beb56e75650@q2g2000vbk.googlegroups.com>
To: kerberos@mit.edu

On Sep 27, 9:58 am, Nikolay Shopik <sho...@inblock.ru> wrote:
> Hi,
>
> I wonder how to correctly generate keytabs for virtual hosts in Apache?
> From what I read, most cases suggest creating a keytab for HTTP/hostname,
> where hostname is the actual hostname of the machine, not the virtual hostname.
> Error logs show these messages:
> gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code
> may provide more information (, )
>
> I've tried to generate a keytab for the virtual hostname only; this of
> course does not work.
> gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may
> provide more information (, Key table entry not found)
> If I change the hostname to match the virtual host, everything starts working
> just fine.
>
> So what configuration do I need to make virtual hosts work with Kerberos?

You should always use the hostname that is typed in the browser.
Browsers always use the hostname from the URL to request the ticket
from the KDC. If you use your actual server name, that will cause a
principal mismatch, and you will get exactly the error you are getting.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
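
A check that follows from the reply above, as an added example that is not part of the original thread: it collects the ServerName/ServerAlias values from an Apache configuration and reports which HTTP/name@REALM principals are absent from `klist -k` output. The configuration, keytab listing, host names and the realm EXAMPLE.COM are constructed sample values, and lower-casing the host names is an assumption about how clients form the service name.

```python
import re

# Constructed sample: `klist -k` output for the keytab Apache reads.
KLIST_OUTPUT = """\
Keytab name: FILE:/etc/httpd/http.keytab
KVNO Principal
---- ----------------------------------------------------------
   2 HTTP/web01.example.com@EXAMPLE.COM
   2 HTTP/intranet.example.com@EXAMPLE.COM
"""

# Constructed sample: Apache virtual host configuration.
APACHE_CONF = """\
<VirtualHost *:80>
    ServerName intranet.example.com
    ServerAlias wiki.example.com
</VirtualHost>
<VirtualHost *:443>
    # scheme and port are allowed in ServerName and must be stripped
    ServerName https://Reports.example.com:443
</VirtualHost>
"""

def keytab_principals(klist_text):
    """Principals listed by klist -k (also tolerates the extra -t/-e columns)."""
    found = set()
    for line in klist_text.splitlines():
        parts = line.split()
        if parts and parts[0].isdigit():          # entry rows start with the KVNO
            found.update(p for p in parts[1:] if "@" in p)
    return found

def vhost_names(conf_text):
    """Every ServerName/ServerAlias host, lower-cased (assumption), in file order."""
    names = []
    for line in conf_text.splitlines():
        parts = line.strip().split()
        if parts and parts[0].lower() in ("servername", "serveralias"):
            for value in parts[1:]:
                host = re.sub(r"^[a-z]+://", "", value.lower()).split(":")[0]
                if host not in names:
                    names.append(host)
    return names

def missing_principals(conf_text, klist_text, realm):
    """HTTP/<vhost>@<realm> principals a browser would request but the keytab lacks."""
    have = keytab_principals(klist_text)
    wanted = ["HTTP/%s@%s" % (host, realm) for host in vhost_names(conf_text)]
    return [p for p in wanted if p not in have]

if __name__ == "__main__":
    for principal in missing_principals(APACHE_CONF, KLIST_OUTPUT, "EXAMPLE.COM"):
        print("missing from keytab:", principal)
```

A wildcard ServerAlias cannot correspond to a single principal, so it will always be reported and has to be reviewed by hand.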

