On Thu, 2012-12-20 at 16:38 +0100, Han Boetes wrote:
> Hi,
> 
> 
> I followed http://freeipa.org/page/Apache_SNI_With_Kerberos to enable
> login in to a webserver with kerberos tickets. I followed everything
> to the letter and all looks well.
> 
> 
> I can log in with a username and password, but when I set the
> httpd.conf entry to 
> 
> 
>   KrbMethodK5Passwd off
> 
> 
> 
> I can't log in. What works great with the ipa admin interface does not
> work with this recipe.
> 
> I even compared it to /etc/httpd/conf.d/ipa.conf and added the
>  KrbAuthRealms setting but to no avail.
> 
> 
> 
> Adding   KrbConstrainedDelegation on does not work alas. Although I am
> using centos 6.3
> 
> 
> I checked the http logfiles and the /var/log/krb5kdc.log, everything
> else on that host works fine. I can log in without a password and sudo
> -s works like it should.
> 
> 
> Please help me debugging this issue. What am I missing?

Are you using the same fully qualified name you have a keytab for ?
Do you see a ticket for the target server in the user ccache on the
client ?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to