Web lists-archives.com

Re: [Samba] samba rotates keytabs without telling apache

On Wed, 2017-11-22 at 13:07 +0100, Herman Øie Kolden via samba wrote:
> Hello!
> Our organization has since June had problems with samba on our web server
> incrementing keytab version numbers every month - precisely every month. Since
> apache2 with mod_auth_kerb isn't made aware of this, all our web sites go 503.
> The manual solution has been exporting new keytabs and reloading apache, but we
> haven't figured out why the KVNOS are incremented in the first place.

Samba, for security, changes the machine account password periodically.

The issue, I think, is that you have a distinct keytab for apache,
rather than a link to the Samba one.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba