Hi folks, My site has a number of multi-homed Apache web servers for which I can't get Kerberos authentication to work properly.
Until recently, using ssh with Kerberos authentication to connect to these same hosts was also a problem, until I set GSSAPIStrictAcceptorCheck to 'off' in sshd_config and added lots of host keys to the system keytab to match the reverse lookup names of the machine's various interfaces. Can the same thing somehow be achieved with libapache2-mod-auth-kerb v5.4-2 (for Debian wheezy), or should I submit a feature-request? Right now my configuration looks like: AuthType Kerberos KrbAuthRealms EXAMPLE.COM KrbServiceName Any Krb5Keytab /etc/apache2/krb5-apache.keytab KrbLocalUserMapping On AuthName "Example login" Like with the ssh solution, I've added http keys to this keytab to match all of the machine's interfaces, but in this case the result is still negative. Any ideas? Thanks, Jaap ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
