Mailing Lists: Apple Mailing Lists

Re: Apache Realms to OD/Kerb



On Aug 11, 2005, at 3:39 PM, Joel Rennich wrote:

Yep, I do klist -ke and see three for http... Triple DES cbc mode with HMAC/sha1, ArcFour with HMAC/md5, and DES cbc mode with CRC-32. There wouldn't need to be separate entries for https, would there? I assume not since Kerberos requires https anyway.

It seems like the problem is in the realm. Kerb is working for everything else. I have a realm set up to authenticate by Kerb and to only allow members of a particular OD group. But when a member of that group tries to hit that realm, Apache says they have the wrong credentials.

After you attempt to connect, do you have a service ticket for http, even though you weren't allowed in?

Hm; no. I see krbtgt and afpserver but not http. I don't see anything relevant in my computer's system or console logs (or any others I could think of).


I did just find this, however. In my server's kdc log, I see this when I try to pass that realm (names munged a little):

Aug 11 16:50:37 main.domain.com krb5kdc[206](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.1: UNKNOWN_SERVER: authtime 1123767788, email@hidden for http/ email@hidden, Server not found in Kerberos database

Now why would it say the server isn't found in the kerb db? I have the realm set to kerberos (by double-clicking on the name of the realm). I must be missing something obvious...?
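
An added example, not part of the original message: a small Python parser for krb5kdc TGS_REQ lines like the one quoted above, listing the service principals the KDC reported as UNKNOWN_SERVER and the clients that requested them. The field layout is assumed from the single line in the post; the sample log lines, host names and principals are constructed placeholders.

```python
import re

# Kerberos encryption type numbers that appear in the etypes list of the log line.
ETYPES = {
    1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
    16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac",
}

# Layout assumed from the one TGS_REQ error line quoted in the message.
TGS_RE = re.compile(
    r"krb5kdc\[\d+\]\(info\): TGS_REQ \(\d+ etypes \{(?P<etypes>[\d ]+)\}\) "
    r"(?P<addr>\S+): (?P<status>[A-Z_]+): authtime (?P<authtime>\d+), "
    r"(?P<client>\S+) for (?P<service>[^,]+), (?P<detail>.*)$"
)

def parse_tgs_req(line):
    """Return the fields of a TGS_REQ error line, or None if the line does not match."""
    m = TGS_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["etypes"] = [ETYPES.get(int(n), "etype-" + n) for n in rec["etypes"].split()]
    rec["authtime"] = int(rec["authtime"])
    return rec

def unknown_services(lines):
    """Map each service principal the KDC could not find to the clients that asked for it."""
    missing = {}
    for line in lines:
        rec = parse_tgs_req(line)
        if rec and rec["status"] == "UNKNOWN_SERVER":
            missing.setdefault(rec["service"], set()).add(rec["client"])
    return missing

# Constructed sample lines; principals and host names are placeholders.
SAMPLE_LOG = [
    "Aug 11 16:50:37 main.example.com krb5kdc[206](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.1: UNKNOWN_SERVER: authtime 1123767788, user@EXAMPLE.COM for http/www.example.com@EXAMPLE.COM, Server not found in Kerberos database",
    "Aug 11 16:49:48 main.example.com krb5kdc[206](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.1: ISSUE: authtime 1123767788, etypes {rep=16 tkt=16 ses=16}, user@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM",
]

if __name__ == "__main__":
    for service, clients in unknown_services(SAMPLE_LOG).items():
        print(service, "requested by", sorted(clients))
```

The service name it prints is the exact principal string the client asked the KDC for, which can be compared with the principals shown by `klist -ke` on the server.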
_______________________________________________
Macos-x-server mailing list (email@hidden)