
Multiple Realms in Apache mod_auth_kerb


reto_sc...@hotmail.com

Sep 25, 2008, 8:59:58 AM
Hello

I have a problem getting my Apache to work with 2 domains, test1 and
test2, with Kerberos.
Is there a trust needed between the domains? (I can't do a trust
between the domains.)

What steps are needed to get this to work?


kerberos.conf in apache
<Directory />
    Options FollowSymLinks
    AllowOverride None
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    KrbAuthoritative On
    KrbVerifyKDC On
    KrbAuthRealms TEST1.LOCAL TEST2.LOCAL
    Krb5KeyTab /etc/apache2/test.keytab
    require valid-user
</Directory>

krb5.conf

[realms]
    TEST1.LOCAL = {
        kdc = kdc.test1.local
        admin_server = kdc.test1.local
    }
    TEST2.LOCAL = {
        kdc = kdc.test2.local
        admin_server = kdc.test2.local
    }

Reto Schubnell

Sep 25, 2008, 9:23:19 AM
to kerb...@mit.edu

Hello
I have a problem getting my Apache to work with 2 domains, test1 and test2, with Kerberos. The site should be accessible by users in both domains. Is there a trust needed between the domains? (I can't do a trust between the domains for security reasons.)
What steps are needed to get this to work?

kerberos.conf in apache
<Directory />
    Options FollowSymLinks
    AllowOverride None
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    KrbAuthoritative On
    KrbVerifyKDC On
    KrbAuthRealms TEST1.LOCAL TEST2.LOCAL
    Krb5KeyTab /etc/apache2/test.keytab
    require valid-user
</Directory>

krb5.conf

[realms]
    TEST1.LOCAL = {
        kdc = kdc.test1.local
        admin_server = kdc.test1.local
    }
    TEST2.LOCAL = {
        kdc = kdc.test2.local
        admin_server = kdc.test2.local
    }