[36356] in Kerberos
libapache2-mod-auth-kerb and multi-homed hosts
daemon@ATHENA.MIT.EDU (Jaap Winius)
Tue Aug 12 10:20:52 2014
To: kerberos@mit.edu
From: Jaap Winius <jwinius@umrk.nl>
Date: Tue, 12 Aug 2014 14:20:08 +0000 (UTC)
Message-ID: <lsd7qo$tnt$1@ger.gmane.org>
Mime-Version: 1.0
X-Complaints-To: usenet@ger.gmane.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi folks,
My site has a number of multi-homed Apache web servers for which I can't
get Kerberos authentication to work properly.
Until recently, using ssh with Kerberos authentication to connect to
these same hosts was also a problem, until I set GSSAPIStrictAcceptorCheck
to 'off' in sshd_config and added lots of host keys to the system keytab
to match the reverse lookup names of the machine's various interfaces.
Can the same thing somehow be achieved with libapache2-mod-auth-kerb
v5.4-2 (for Debian wheezy), or should I submit a feature-request?
Right now my configuration looks like:
AuthType Kerberos
KrbAuthRealms EXAMPLE.COM
KrbServiceName Any
Krb5Keytab /etc/apache2/krb5-apache.keytab
KrbLocalUserMapping On
AuthName "Example login"
Like with the ssh solution, I've added http keys to this keytab to match
all of the machine's interfaces, but in this case the result is still
negative.
Any ideas?
Thanks,
Jaap
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
