Okay... so at this point I am stuck.
I got this far:
Using modules:
LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_kerb_module modules/mod_auth_kerb.so
root@myserver conf]# net ads testjoin Join is OK
I successfully joined domain.
[root@myserver conf]# klist -k Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 host/myserver.server.com@CORE.HOST.EDU 2 host/rmyserver.server.com@CORE.HOST.EDU 2 host/myserver.server.com@CORE.HOST.EDU 2 host/myserver@CORE.HOST.EDU 2 host/myserver@CORE.HOST.EDU 2 host/myserver@CORE.HOST.EDU 2 MYSERVER$@CORE.HOST.EDU 2 MYSERVER$@CORE.HOST.EDU 2 MYSERVER$@CORE.HOST.EDU 2 http/myserver.server.com@CORE.HOST.EDU 2 http/myserver.server.com@CORE.HOST.EDU 2 http/myserver.server.com@CORE.HOSTEDU 2 http/myserver@CORE.HOST.EDU 2 http/myserver@CORE.HOST.EDU 2 http/myserver@CORE.HOST.EDU
My problem is that I am getting an error message in apache logs:
gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (No principal in keytab matches desired name)
I looked in AD configuration and see that my server does not have appropriate ServicePrincipalName for HTTP (only host).
my keytab file: -rw------- 1 apache apache 957 Mar 11 14:31 /etc/httpd/conf/krb5.keytab
I have NO right access to AD server and cannot do much about creating proper keytab file.
Anything else I can do? Am I missing something?
Thank you! Asya
On Mar 10, 2011, at 12:24 PM, John Hodrien wrote:
On Thu, 10 Mar 2011, Dvorkin, Asya wrote:
John,
Thank you for all your pointers! You are right.. I was able to create a keytab file. Still having some issues with getting apache to work the way I wan to, but will continue troubleshooting it.
No problem, and I'll be interested to hear about any other problems you have. I don't get the feeling many people use kerberised Apache.
jh _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos