Changing FQDN for authing via Kerberos

Spyro Polymiadis spiz at spiz.no-ip.com
Wed Feb 3 14:42:27 CST 2010


Hi all, 

Long time no post... I have a question which hopefully someone may know the answer....
I have run up a new squid box, using kerb auth against AD following the guide here: http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos and everything is working just fine

The problem I seem to have is, using this method - the browser is required to use the FQDN of the proxy as set when setting up kerb.
As this was built on my test, when I set the hostname and FQDN - they were "servername"-test.domain.com 

Now I want to try and change the hostname it uses to just "servername".domain.com and put it on our live network, Ive tried changing hostnames/dns names/host entries even re-running the mskutil command (as shown in the link above) and replacing the entries to just "servername".domain.com and generating a new keytab...However none of these seem to work when I change the proxy setting in the browser to the new hostname and try to browse.
It just keeps barfing saying not authenticated and the krb logs show an error 230 (which doesn't really help)

If I change all the dns/hostnames/browser settings back to "servername"-test.domain.com - its all happy again... and working...

Does anyone have any idea how I may go about changing the hostname so it will still auth for clients?

Cheers
Spyro


-- 
This message was scanned by ESVA and is believed to be clean. 




More information about the linuxsa mailing list