Okay... so at this point I am stuck. I got this far: Using modules: LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_kerb_module modules/mod_auth_kerb.so root@myserver conf]# net ads testjoin Join is OK I successfully joined domain. [root@myserver conf]# klist -k Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 host/myserver.server.com@xxxxxxxxxxxxx 2 host/rmyserver.server.com@xxxxxxxxxxxxx 2 host/myserver.server.com@xxxxxxxxxxxxx 2 host/myserver@xxxxxxxxxxxxx 2 host/myserver@xxxxxxxxxxxxx 2 host/myserver@xxxxxxxxxxxxx 2 MYSERVER$@CORE.HOST.EDU 2 MYSERVER$@CORE.HOST.EDU 2 MYSERVER$@CORE.HOST.EDU 2 http/myserver.server.com@xxxxxxxxxxxxx 2 http/myserver.server.com@xxxxxxxxxxxxx 2 http/myserver.server.com@xxxxxxxxxxxx 2 http/myserver@xxxxxxxxxxxxx 2 http/myserver@xxxxxxxxxxxxx 2 http/myserver@xxxxxxxxxxxxx My problem is that I am getting an error message in apache logs: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (No principal in keytab matches desired name) I looked in AD configuration and see that my server does not have appropriate ServicePrincipalName for HTTP (only host). my keytab file: -rw------- 1 apache apache 957 Mar 11 14:31 /etc/httpd/conf/krb5.keytab I have NO right access to AD server and cannot do much about creating proper keytab file. Anything else I can do? Am I missing something? Thank you! Asya On Mar 10, 2011, at 12:24 PM, John Hodrien wrote: > On Thu, 10 Mar 2011, Dvorkin, Asya wrote: > >> John, >> >> Thank you for all your pointers! You are right.. I was able to create a >> keytab file. Still having some issues with getting apache to work the way I >> wan to, but will continue troubleshooting it. > > No problem, and I'll be interested to hear about any other problems you have. > I don't get the feeling many people use kerberised Apache. > > jh > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos