Hello List !
Today I´m a liitle bit more detailed...
First a scheme of our environment
|----------------------------------------------------------> AD
virtual cluster |
|--------------------------|---|
----------|--------- -------|---------
| | | |
| | | |
| | | |
| node1 | | node2 |
^------------------| |-----------------|
virtual cluster ip = 10.10.11.149
node1 ip = 10.10.11.147
node2 ip = 10.10.11.148
The cluster is realized with Suse Linux SLES 11 Sp1 and the LVS
toolset(ipvsadm, ldirecord) ; the cluster is actice/active with apache and
tomcat running on each physical node. It is planned to authenticate the
environment via mod_auth_kerb against Active Directory. As I explained in my
first mail , that works if I do that with one physical node only. I followed
the well known howtos and made kerberos tickets and keytabs which where copied
to the linux node. After configuring the apache clients all worked as expected,
the AD users could access the apache websites without any user and passwords
interactions.
Trouble began with "kerberizing" the cluster itself. I createed keytabs for
both phisical nodes via ktpass utility and copied the keys to the nodes. A
kinit was successfull . But authrization was impossible , the logs showed me
error messages, because the request for webaccesss was directed to the
"virtual" cluster address , which is pretty ok and expected . Now my question
, how to "kerberize" the VIRTUAL CLUSTER IP ??
What did I overlook. Perhaps that approach is really impossible ? Is there a
workaround to make this happen ?
Best Regards Martin Schreiber
Mit freundlichen Grüßen
Martin SCHREIBER
________________________________
Martin SCHREIBER
TÜV AUSTRIA HOLDING AG
Krugerstraße 16
1015 Wien/Österreich
Tel.: +43 (0)1 514 07-6050
Fax: +43 (0)1 514 07-76030
E-Mail: [email protected]<mailto:[email protected]>
RSS-Feed: http://rss.tuv.at/news_de.xml
http://www.tuv.at<http://www.tuv.at/>
________________________________
Sitz: Krugerstraße 16 1015 Wien/Österreich
Vorsitzender des Aufsichtsrates: KR Dipl.-Ing. Johann MARIHART
Vorstand: Dipl.-Ing. Dr. Hugo EBERHARDT (Vorsitzender), Mag. Christoph WENNINGER
Firmenbuchgericht/ -nummer: Wien / FN 286107 x
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos