On Aug 10, 2005, at 6:08 PM, Michael Bartosh wrote:
click the join kerberos button in the Open Dir module of Server Admin.
Kerb is already running on this server, and users are successfully
authenticating against it all the time. And again, all of this (OD
master and the web host) is on the same server, though the name of
the web host in question is not the same as the primary machine name.
make sure on the keytab on the web server has http service
principals in it (sudo kilist -ke)
Yep, I do klist -ke and see three for http... Triple DES cbc mode
with HMAC/sha1, ArcFour with HMAC/md5, and DES cbc mode with CRC-32.
There wouldn't need to be separate entries for https, would there? I
assume not since Kerberos requires https anyway.
It seems like the problem is in the realm. Kerb is working for
everything else. I have a realm set up to authenticate by Kerb and to
only allow members of a particular OD group. But when a member of
that group tries to hit that realm, Apache says they have the wrong
credentials.
Is anyone successfully controlling Apache realms through Kerberos?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
