What we ended up doing was creating virtual IP addresses for each virtual host. It was the only way we could get it to work correctly because, as I recall, it was the only way to get the server to reply with the same hostname as that which the client had requested.
This was our experience, though bear in mind that we initially did this setup several years ago, so things *may* have changed. - Tom Thomas A. La Porte DreamWorks Animation On Sep 27, 2010, at 6:58 AM, Nikolay Shopik <[email protected]> wrote: > Hi, > > I wounder how correctly generate keytabs for virtual hosts in Apache? > From what I read, most cases suggest create keytab for HTTP/hostname > where is hostname is actual hostname of machine not virtual hostname. > Error logs show these messages: > gss_accept_sec_context() failed: Unspecified GSS failure. Minor code > may provide more information (, ) > > I've tried to generate keytab for virtual hostname only, this is of > course not work. > gss_acquire_cred() failed: Unspecified GSS failure. Minor code may > provide more information (, Key table entry not found) > if I change hostname to match virtualhost everything start working just > fine. > > So what configuration I need to make virtual hosts to work with Kerberos? > > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
