Re: Problems with virtual hosts and principal names
Henry B. Hotz <hotz <at> jpl.nasa.gov>
2008-09-18 18:15:13 GMT
On Sep 18, 2008, at 3:18 AM, Tuomas wrote:
> Hi!
>
> I have a problem with mod_auth_kerb on a server that has several
> virtual hosts. My server is Linux/Apache and a Windows Active
> Directory is used as a KDC. I have enabled negotiate authentication
> and most of the time it's working great.
>
> The problem is that occasionally clients try to obtain a ticket for
> HTTP/virtual.host.name instead of HTTP/real.server.name from the AD
> server. I managed to circulate that problem in AD by adding also the
> virtual host principal names into the AD configuration (using
> c:\>setspn -a HTTP/virtual.host.name unixaccount). Now the problem is
> that I have only a key for principal HTTP/real.server.name in my
> keytab (created with c:\>ktpass -princ HTTP/real.server.name@REALM.NAME
> -mapuser unixaccount -pass topsecret -out krb5.keytab).
>
> At the moment I'm completely stuck with this problem. I already have
> installed mod_auth_kerb with a patch for accepting multiple principals
> in a keytab
> (http://sourceforge.net/tracker/index.php?func=detail&aid=1809998&group_id=51775&atid=464526)
> but I'm not able to create the keytable.
>
> Could someone help me with this?
>
> Cheers,
> Tuomas
OK, sounds like you know how to create individual keytab files for
each of the principals in question. You can merge them as needed as
follows.

Assumptions: MIT or Sun Kerberos installed (Heimdal ktutil works
differently but can still do the job). You have the individual keytab
files created as name1.keytab, name2.keytab, etc.

    ktutil
    rkt name1.keytab
    rkt name2.keytab
    rkt name3.keytab
    . . .
    wkt web.keytab
    q
    chown web web.keytab   # use the real web server account name if it's not "web"

Now move web.keytab where it belongs for the web server.
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
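The check a practitioner wants after the merge above is that the resulting keytab really carries a key for every HTTP/ service principal the virtual hosts will ask for. The block below is an added example for this thread, not code from the original posts, from mod_auth_kerb or from MIT Kerberos: it builds two per-principal keytabs in the MIT 0x0502 format (the realm, principal names and key bytes are constructed sample values), concatenates their entries the way a ktutil rkt/wkt session effectively does, and then parses the merged file and reports which required principals are missing. On a real server you would read web.keytab from disk instead and compare the output with klist -kt.

```python
"""Parse an MIT-format keytab (version 0x0502) and verify it covers a set
of service principals. Added example; realm, names and keys are constructed."""
import struct

KEYTAB_MAGIC = b"\x05\x02"   # keytab format v2: all integers are big-endian
ENCTYPE_RC4_HMAC = 23        # arcfour-hmac, the enctype a 2008-era AD account used
NT_PRINCIPAL = 1             # KRB5_NT_PRINCIPAL name type

REALM = "REALM.NAME"         # placeholder realm from the thread
REQUIRED = [                 # every SPN the Apache virtual hosts may be asked for
    "HTTP/real.server.name@" + REALM,
    "HTTP/virtual.host.name@" + REALM,
]


def _counted(data):
    """Counted octet string: uint16 length followed by the bytes."""
    return struct.pack(">H", len(data)) + data


def build_entry(principal, kvno, enctype, key, timestamp=0):
    """Serialise one keytab entry for 'comp1/comp2@REALM' (what ktpass writes)."""
    name, realm = principal.rsplit("@", 1)
    comps = name.split("/")
    body = struct.pack(">H", len(comps)) + _counted(realm.encode())
    for comp in comps:
        body += _counted(comp.encode())
    body += struct.pack(">IIB", NT_PRINCIPAL, timestamp, kvno & 0xFF)  # 8-bit vno
    body += struct.pack(">HH", enctype, len(key)) + key
    body += struct.pack(">I", kvno)          # optional 32-bit kvno extension
    return struct.pack(">i", len(body)) + body


def build_keytab(entries):
    return KEYTAB_MAGIC + b"".join(entries)


def merge_keytabs(*keytabs):
    """Concatenate entry lists under one header, as rkt ... wkt does."""
    for kt in keytabs:
        if kt[:2] != KEYTAB_MAGIC:
            raise ValueError("all inputs must be version 0x0502 keytabs")
    return KEYTAB_MAGIC + b"".join(kt[2:] for kt in keytabs)


def parse_keytab(data):
    """Return a list of dicts (principal, kvno, enctype, keylen), one per entry."""
    if data[:2] != KEYTAB_MAGIC:
        raise ValueError("unsupported keytab version %r" % data[:2])
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size < 0:                 # negative size marks a deleted slot
            pos += -size
            continue
        end, p = pos + size, pos
        (ncomp,) = struct.unpack_from(">H", data, p); p += 2
        (rlen,) = struct.unpack_from(">H", data, p); p += 2
        realm = data[p:p + rlen].decode(); p += rlen
        comps = []
        for _ in range(ncomp):
            (clen,) = struct.unpack_from(">H", data, p); p += 2
            comps.append(data[p:p + clen].decode()); p += clen
        _name_type, _timestamp, vno8 = struct.unpack_from(">IIB", data, p); p += 9
        enctype, klen = struct.unpack_from(">HH", data, p); p += 4
        key = data[p:p + klen]; p += klen
        kvno = vno8
        if end - p >= 4:             # 32-bit kvno present; nonzero value wins
            (kvno32,) = struct.unpack_from(">I", data, p)
            kvno = kvno32 or vno8
        entries.append({"principal": "/".join(comps) + "@" + realm,
                        "kvno": kvno, "enctype": enctype, "keylen": len(key)})
        pos = end
    return entries


def missing_principals(data, required):
    """Sorted list of required principals that have no key in the keytab."""
    present = {e["principal"] for e in parse_keytab(data)}
    return sorted(set(required) - present)


# Constructed stand-ins for the two per-principal keytabs ktpass would produce.
KEY_REAL = bytes(range(16))
KEY_VIRT = bytes(range(16, 32))
REAL_KEYTAB = build_keytab([build_entry(REQUIRED[0], 3, ENCTYPE_RC4_HMAC, KEY_REAL)])
VIRT_KEYTAB = build_keytab([build_entry(REQUIRED[1], 3, ENCTYPE_RC4_HMAC, KEY_VIRT)])
MERGED_KEYTAB = merge_keytabs(REAL_KEYTAB, VIRT_KEYTAB)

if __name__ == "__main__":
    print("single keytab is missing:", missing_principals(REAL_KEYTAB, REQUIRED))
    for e in parse_keytab(MERGED_KEYTAB):
        print("%-40s kvno=%d enctype=%d keylen=%d" % (e["principal"], e["kvno"], e["enctype"], e["keylen"]))
    print("merged keytab is missing:", missing_principals(MERGED_KEYTAB, REQUIRED))
```

The kvno column is worth reading alongside the principal names: each ktpass run against the same account bumps the account's key version, so a merged keytab assembled from exports made at different times can carry a stale kvno for one SPN, and the KDC will then issue tickets the server cannot decrypt even though the principal name is present.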