Hi, I have a Linux server which is named goofy (as in the output of hostname command) with full qualified hostname goofy.example.com (as indicated by hostname -f on the server itself). DNS has an A record pointing from goofy.example.com to 191.168.0.123, including reverse lookup (dig confirms this, even at other machines). This server runs an Apache httpd with several vhosts configured, one of them www.example.com. This is configured to use mod_auth_kerb for authentication. A CNAME www.example.com is pointing to goofy.example.com.
Which principal do I add to the KDC database and export to mod_auth_kerb's keytab? Howtos suggest to use the full qualified hostname, eg. HTTP/[email protected]. However, browsers have different opinions about that. Firefox/Seamonkey (I guess all Gecko based browsers) on Linux use HTTP/[email protected]. Safari on Apples Mac OSX requests HTTP/[email protected] from KDC. Firefox on Mac OSX behaves like the Linux version. I don't have more browsers available right now, but I will test others. What is the correct behavior and configuration? Thanks for your help. Kind regards, -- Navteq (DE) GmbH Frank Gruellich Map24 Systems and Networks Duesseldorfer Strasse 40a 65760 Eschborn Germany Phone: +49 6196 77756-414 Fax: +49 6196 77756-100 USt-ID-No.: DE 197947163 Managing Directors: Thomas Golob, Alexander Wiegand, Hans Pieter Gieszen, Martin Robert Stockman
signature.asc
Description: OpenPGP digital signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
