Re: [Samba] samba rotates keytabs without telling apache
- Date: Fri, 24 Nov 2017 06:45:43 +1300
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] samba rotates keytabs without telling apache
On Wed, 2017-11-22 at 13:07 +0100, Herman Øie Kolden via samba wrote:
> Our organization has since June had problems with samba on our web server
> incrementing keytab version numbers every month - precisely every month. Since
> apache2 with mod_auth_kerb isn't made aware of this, all our web sites go 503.
> The manual solution has been exporting new keytabs and reloading apache, but we
> haven't figured out why the KVNOS are incremented in the first place.
Samba, for security, changes the machine account password periodically.
The issue, I think, is that you have a distinct keytab for apache,
rather than a link to the Samba one.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
To unsubscribe from this list go to the following URL and read the