[32746] in Kerberos
Re: apache virtual hosts and keytabs
daemon@ATHENA.MIT.EDU (Nikolay Shopik)
Thu Sep 30 13:05:10 2010
To: kerberos@mit.edu
From: Nikolay Shopik <shopik@inblock.ru>
Date: Thu, 30 Sep 2010 21:04:19 +0400
Message-ID: <i82fup$1m5$1@dough.gmane.org>
Mime-Version: 1.0
X-Complaints-To: usenet@dough.gmane.org
In-Reply-To: <87eicb8ymn.fsf@windlord.stanford.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 30.09.2010 11:43, Russ Allbery wrote:
> Nikolay Shopik<shopik@inblock.ru> writes:
>> On 30.09.2010 1:23, Russ Allbery wrote:
>
>>> In practice, you need to add HTTP/* principals for both names to the
>>> Apache keytab if they differ, and then configure mod_auth_kerb to
>>> accept any credential that's available in the keytab. Last time we did
>>> testing, Firefox did one thing and IE did the opposite thing, so you'll
>>> have substantial numbers of users in both camps.
>
>> So if my hostname is machine.example.com and virtual hostname
>> virtual.example.com I have to add both in keytab?
>
> Yup.
>
>> I did try that didn't help me either.
>
> Works for us. Be sure that you've set KrbServiceName to any in the
> mod_auth_kerb configuration (and you're using a new enough mod_auth_kerb
> that this is supported).
>
Thanks Russ,
Setting KrbServiceName HTTP/virtual.example.com, make it work flawlessly.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
