Re: [modauthkerb] OpenBSD chroot and hostname?
From: Steve B. <be...@uc...> - 2012-03-15 19:18:16
On Mar 7, 2012, at 5:24 PM, Henry B. Hotz wrote:
> The second line is the cross realm tgt to get access to the HOST.NAME realm, so httpd can get a HTTP/new...@HO... service ticket. What do the logs for the HOST.NAME realm show?
That's the weird thing -- that's what literally shows up in the log; I didn't obfuscate the names. I've done a ktrace, and it appears all the correct libraries are loaded before the call to chroot, and that the /etc/kerberosV/krb5.conf is read, but the /etc/kerberosV/krb5.keytab file isn't being read. It doesn't matter whether apache is running chrooted or not. Apache 1.3.9 if that has any bearing.
Here are kinits from the command line:
----
beaty@guestgw->~$ kinit be...@UC...
be...@UC...'s Password:
beaty@guestgw->~$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: be...@UC...
Issued Expires Principal
Mar 15 13:16:25 Mar 15 23:16:25 krbtgt/UCA...@UC...
beaty@guestgw->~$ kinit --keytab=/var/www/etc/kerberosV/krb5.keytab HTTP/guestgw.wireless.ucar.edu
beaty@guestgw->~$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: HTTP/gue...@UC...
Issued Expires Principal
Mar 15 13:16:33 Mar 15 23:16:33 krbtgt/UCA...@UC...
----
Any pointers? Thanks!
--
steve be...@uc... | http://www.cisl.ucar.edu/
The National Center for Atmospheric Research
Computational and Information Systems Laboratory