On Wed, Mar 28, 2012 at 11:36 PM, Simo Sorce s...@redhat.com wrote:
CNAMEs should work just fine with the host's HTTP/A-name@REALM key.
In fact I just tested a virtual host on my ipa server using a cname and
it worked.
great!
Can you post your (sanitized) mod_auth_kerb configuration ?
Hello,
please post output from:
# klist -kt /etc/krb5.keytab
We still need this to better understand logs. I'm not sure if keytab
contains right keys.
--
Petr Spacek
On 03/27/2012 09:47 PM, Steven Jones wrote:
Hi
Its possible the uninstall from one IPA realm didnt work properly before I
Steven Jones wrote:
8--
It cannot be a wildcard:
if (strcasecmp(krbcfg-passsync_mgrs[i], bindDN) == 0) {
pwdata.changetype = IPA_CHANGETYPE_DSMGR;
break;
}
but it is multivalued.
8--
This is over my head
8--
On Thu, 2012-03-29 at 08:58 +0200, Natxo Asenjo wrote:
On Wed, Mar 28, 2012 at 11:36 PM, Simo Sorce s...@redhat.com wrote:
CNAMEs should work just fine with the host's HTTP/A-name@REALM
key.
In fact I just tested a virtual host on my ipa server using
On Thu, Mar 29, 2012 at 8:25 PM, Simo Sorce s...@redhat.com wrote:
Your configuration looks right, but I went back and looked at your logs
and I saw a permission denied error.
I would check that the apache user can access the keytab
file: /etc/httpd/conf/webserver01_http.keytab
If you are
On Thu, 2012-03-29 at 20:43 +0200, Natxo Asenjo wrote:
On Thu, Mar 29, 2012 at 8:25 PM, Simo Sorce s...@redhat.com wrote:
Your configuration looks right, but I went back and looked at
your logs
and I saw a permission denied error.
I would check that