Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Kerberos auth (apache) behind Cisco Load balancer
183 views
Skip to first unread message
PieterB
Feb 8, 2012, 3:20:36 AM2/8/12
to
Hi,
We've several of our webservers behind a load-balancer (as
common ;-) )
Kerberos authentication (mod_auth_kerb) on an individual host works as
a SPN and computer account is created
in Active Directory (using msktutil)
But as the URL used on load balancer is different, authentication
doesn't work, which is normal.
(it works, but falls back to a username/pw instead of using the
kerberos ticket from AD)
Any idea whats the common solution to solve this?
We've several of our webservers behind a load-balancer (as
common ;-) )
Kerberos authentication (mod_auth_kerb) on an individual host works as
a SPN and computer account is created
in Active Directory (using msktutil)
But as the URL used on load balancer is different, authentication
doesn't work, which is normal.
(it works, but falls back to a username/pw instead of using the
kerberos ticket from AD)
Any idea whats the common solution to solve this?
Vlad
Feb 12, 2012, 6:05:28 PM2/12/12
to
I assume you are using HTTP with SPNEGO protocol. For this to work in
load balancing environment you have to set your configure your SPN to
the URL of the load balancer not the web server.
-- Vlad
load balancing environment you have to set your configure your SPN to
the URL of the load balancer not the web server.
-- Vlad
0 new messages