On Thu, 2012-12-20 at 16:38 +0100, Han Boetes wrote: > Hi, > > > I followed http://freeipa.org/page/Apache_SNI_With_Kerberos to enable > login in to a webserver with kerberos tickets. I followed everything > to the letter and all looks well. > > > I can log in with a username and password, but when I set the > httpd.conf entry to > > > KrbMethodK5Passwd off > > > > I can't log in. What works great with the ipa admin interface does not > work with this recipe. > > I even compared it to /etc/httpd/conf.d/ipa.conf and added the > KrbAuthRealms setting but to no avail. > > > > Adding KrbConstrainedDelegation on does not work alas. Although I am > using centos 6.3 > > > I checked the http logfiles and the /var/log/krb5kdc.log, everything > else on that host works fine. I can log in without a password and sudo > -s works like it should. > > > Please help me debugging this issue. What am I missing?
Are you using the same fully qualified name you have a keytab for ? Do you see a ticket for the target server in the user ccache on the client ? Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
