[modauthkerb] OpenBSD chroot and hostname?
From: Steve B. <be...@uc...> - 2012-03-07 21:45:13
Greetings,

I'm trying to get this to work under OpenBSD 5.0 and its httpd chroot environment. Looking at the logs, I see:

----
authlog-2012-03-07-14:2012-03-07T14:22:40-0700 <auth.info> 0.1.2.3/0.1.2.3 kdc[28267]: AS-REQ be...@UC... from IPv4:128.117.64.2 for krbtgt/UCA...@UC...
authlog-2012-03-07-14:2012-03-07T14:22:41-0700 <auth.info> 3.4.5.6/3.4.5.6 kdc[3891]: TGS-REQ be...@UC... from IPv4:128.117.64.2 for krbtgt/HOS...@UC...
----

I'm guessing the second line is messed up by not finding the correct hostname. Here's the httpd log:

----
[Wed Mar 7 14:22:31 2012] [notice] chrooted in /var/www
[Wed Mar 7 14:22:31 2012] [notice] changed to uid 67, gid 67
[Wed Mar 7 14:22:35 2012] [debug] src/mod_auth_kerb.c(0): [client 128.117.9.79] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Wed Mar 7 14:22:40 2012] [debug] src/mod_auth_kerb.c(0): [client 128.117.9.79] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Wed Mar 7 14:22:41 2012] [debug] src/mod_auth_kerb.c(0): [client 128.117.9.79] Using HTTP/new...@HO... as server principal for password verification
[Wed Mar 7 14:22:41 2012] [debug] src/mod_auth_kerb.c(0): [client 128.117.9.79] Trying to get TGT for user be...@UC...
[Wed Mar 7 14:22:41 2012] [debug] src/mod_auth_kerb.c(0): [client 128.117.9.79] Trying to verify authenticity of KDC using principal HTTP/new...@HO...
[Wed Mar 7 14:22:41 2012] [debug] src/mod_auth_kerb.c(0): [client 128.117.9.79] krb5_get_credentials() failed when verifying KDC
[Wed Mar 7 14:22:41 2012] [error] [client 128.117.9.79] failed to verify krb5 credentials: Server not found in Kerberos database
[Wed Mar 7 14:22:41 2012] [debug] src/mod_auth_kerb.c(0): [client 128.117.9.79] kerb_authenticate_user_krb5pwd ret=401 user=(NULL) authtype=(NULL)
----

And my .htaccess:

----
AuthType Kerberos
AuthName "UCAS password"
KrbAuthRealms UCAR.EDU
Krb5KeyTab /etc/kerberosV/krb5.keytab
require user be...@UC...
----

Any pointers for me? Thanks much!

--
steve be...@uc... | http://www.cisl.ucar.edu/
The National Center for Atmospheric Research
Computational and Information Systems Laboratory
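An added example, not part of the original post and not code from mod_auth_kerb: it extracts the server principal from mod_auth_kerb debug lines like those in the httpd log above and flags any whose realm is not listed in KrbAuthRealms, which is the case where the KDC sees a cross-realm TGS-REQ for krbtgt/<other realm>. The function names are hypothetical, and the host name, client address and realms in the sample data are constructed placeholders, since the archive truncates the real ones.

```python
import re

# The mod_auth_kerb debug line that names the service principal it will use.
PRINCIPAL_RE = re.compile(
    r"Using (?P<svc>[^/\s@]+)/(?P<host>[^@\s]+)@(?P<realm>\S+) as server principal"
)
# The KrbAuthRealms directive (one or more space-separated realms).
REALMS_RE = re.compile(r"^\s*KrbAuthRealms\s+(?P<realms>.+)$", re.I | re.M)


def server_principals(log_text):
    """Return distinct (service, host, realm) tuples, in order of appearance."""
    seen = []
    for m in PRINCIPAL_RE.finditer(log_text):
        entry = (m["svc"], m["host"], m["realm"])
        if entry not in seen:
            seen.append(entry)
    return seen


def auth_realms(config_text):
    """Return the realms listed in KrbAuthRealms, or [] if the directive is absent."""
    m = REALMS_RE.search(config_text)
    return m["realms"].split() if m else []


def realm_mismatches(log_text, config_text):
    """Server principals whose realm is not one of the configured auth realms."""
    realms = auth_realms(config_text)
    return [f"{s}/{h}@{r}" for s, h, r in server_principals(log_text)
            if r not in realms]


# Constructed sample input (placeholder host, realms and client address).
SAMPLE_LOG = (
    "[Wed Mar 7 14:22:41 2012] [debug] src/mod_auth_kerb.c(0): [client 192.0.2.10] "
    "Using HTTP/www.hosts.example.org@HOSTS.EXAMPLE.ORG as server principal "
    "for password verification\n"
)
SAMPLE_HTACCESS = (
    "AuthType Kerberos\n"
    "KrbAuthRealms EXAMPLE.ORG\n"
    "Krb5KeyTab /etc/kerberosV/krb5.keytab\n"
)

if __name__ == "__main__":
    for principal in realm_mismatches(SAMPLE_LOG, SAMPLE_HTACCESS):
        print("realm not in KrbAuthRealms:", principal)
```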