On Tue, Sep 8, 2009 at 4:50 PM, Terry<td3201 at gmail.com>
wrote:> Hello,
>
> I am using kerberos to authenticate apache users. ?This works fine for
> one URL, but it doesn't for another.
>
> I can get into the application authenticating at the URL
> omajelut01.sec.jel.lc, but not with monitoring.foobar.com. ?Here is my
> klist:
>
> [root at omajelut01 etc]# klist -k
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ----
--------------------------------------------------------------------------
> ? 4 host/omajelut01.sec.jel.lc at SEC.JEL.LC
> ? 4 host/omajelut01.sec.jel.lc at SEC.JEL.LC
> ? 4 host/omajelut01.sec.jel.lc at SEC.JEL.LC
> ? 4 host/omajelut01 at SEC.JEL.LC
> ? 4 host/omajelut01 at SEC.JEL.LC
> ? 4 host/omajelut01 at SEC.JEL.LC
> ? 4 OMAJELUT01$@SEC.JEL.LC
> ? 4 OMAJELUT01$@SEC.JEL.LC
> ? 4 OMAJELUT01$@SEC.JEL.LC
> ? 4 HTTP/monitoring.foobar.com/omajelut01.sec.jel.lc at SEC.JEL.LC
> ? 4 HTTP/monitoring.foobar.com/omajelut01.sec.jel.lc at SEC.JEL.LC
> ? 4 HTTP/monitoring.foobar.com/omajelut01.sec.jel.lc at SEC.JEL.LC
> ? 4 HTTP/jmonitoring.foobar.com/omajelut01 at SEC.JEL.LC
> ? 4 HTTP/monitoring.jelecos.com/omajelut01 at SEC.JEL.LC
> ? 4 HTTP/monitoring.jelecos.com/omajelut01 at SEC.JEL.LC
> ? 4 HTTP/omajelut01.sec.jel.lc/omajelut01.sec.jel.lc at SEC.JEL.LC
> ? 4 HTTP/omajelut01.sec.jel.lc/omajelut01.sec.jel.lc at SEC.JEL.LC
> ? 4 HTTP/omajelut01.sec.jel.lc/omajelut01.sec.jel.lc at SEC.JEL.LC
> ? 4 HTTP/omajelut01.sec.jel.lc/omajelut01 at SEC.JEL.LC
> ? 4 HTTP/omajelut01.sec.jel.lc/omajelut01 at SEC.JEL.LC
> ? 4 HTTP/omajelut01.sec.jel.lc/omajelut01 at SEC.JEL.LC
> ? 4 HTTP/omajelut01.sec.jel.lc at SEC.JEL.LC
> ? 4 HTTP/omajelut01.sec.jel.lc at SEC.JEL.LC
> ? 4 HTTP/omajelut01.sec.jel.lc at SEC.JEL.LC
> ? 4 HTTP/omajelut01 at SEC.JEL.LC
> ? 4 HTTP/omajelut01 at SEC.JEL.LC
> ? 4 HTTP/omajelut01 at SEC.JEL.LC
>
> I am very new to this so I appreciate any help.
>
I figured this out. It was working from a kerberos perspective. I
had a frontend reverse proxy apache server that was sending users to
the wrong backend URL. :(