kerberos linux cluster authorization against AD

Fri, 21 Jan 2011 00:09:23 -0800 

Hello List !

Today I´m a liitle bit more detailed...

First a scheme of our environment




                                    
|----------------------------------------------------------> AD
                       virtual cluster  |
                  |--------------------------|---|
        ----------|---------             -------|---------
        |                   |            |                |
        |                   |            |                |
        |                   |            |                |
        |     node1     |            |  node2      |
        ^------------------|            |-----------------|



virtual cluster ip  =  10.10.11.149
node1 ip            =  10.10.11.147
node2 ip            =  10.10.11.148


The cluster is realized with Suse Linux SLES 11 Sp1 and the LVS 
toolset(ipvsadm, ldirecord) ; the  cluster is actice/active  with apache and 
tomcat running on each physical node. It is planned to authenticate the 
environment via mod_auth_kerb against Active Directory. As I explained in my 
first mail , that works if I do that with one physical node only. I followed 
the well known howtos and made kerberos tickets and keytabs which where copied 
to the linux node. After configuring the apache clients all worked as expected, 
the AD users could access the apache websites without any user and passwords 
interactions.

Trouble began with "kerberizing" the cluster itself.  I createed keytabs for 
both phisical nodes via ktpass utility and copied the keys to the nodes. A 
kinit was successfull . But authrization was impossible , the logs showed me 
error messages, because the request for webaccesss was directed to the 
"virtual"  cluster address , which is pretty ok and expected . Now my question 
, how to "kerberize"  the VIRTUAL CLUSTER IP   ??

What did I overlook.  Perhaps that approach is really impossible ?  Is there a 
workaround to make this happen ?


Best Regards            Martin  Schreiber


Mit freundlichen Grüßen
Martin SCHREIBER

________________________________
Martin SCHREIBER
TÜV AUSTRIA HOLDING AG
Krugerstraße 16
1015 Wien/Österreich
Tel.: +43 (0)1 514 07-6050
Fax: +43 (0)1 514 07-76030
E-Mail: [email protected]<mailto:[email protected]>
RSS-Feed: http://rss.tuv.at/news_de.xml
http://www.tuv.at<http://www.tuv.at/>
________________________________

Sitz: Krugerstraße 16 1015 Wien/Österreich
Vorsitzender des Aufsichtsrates: KR Dipl.-Ing. Johann MARIHART
Vorstand: Dipl.-Ing. Dr. Hugo EBERHARDT (Vorsitzender), Mag. Christoph WENNINGER
Firmenbuchgericht/ -nummer: Wien / FN 286107 x

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to