John, Thank you for all your pointers! You are right.. I was able to create a keytab file. Still having some issues with getting apache to work the way I wan to, but will continue troubleshooting it. Thank you! Asya On Mar 9, 2011, at 10:09 AM, John Hodrien wrote: > On Wed, 9 Mar 2011, John Hodrien wrote: > >> On Wed, 9 Mar 2011, Dvorkin, Asya wrote: >> >>> Thank you, John. >>> >>> I forgot to add that we cannot generate keytab from AD server for various >>> reasons that I have no control over. > > And are you really sure this is the case? If you can join to a domain, you > can get a keytab (you don't need AD admin rights to do this). > > If you were just using Samba to do the join, something like: > > use kerberos keytab = yes > > in your smb.conf > > and a: > > net ads keytab create > net ads keytab add http > > on the joined machine would get you a keytab suitable for web auth. > > klist -k would then show you what you'd got. > > jh > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos