[Samba] samba rotates keytabs without telling apache
Andrew Bartlett
abartlet at samba.org
Thu Nov 23 17:45:43 UTC 2017
On Wed, 2017-11-22 at 13:07 +0100, Herman Øie Kolden via samba wrote:
> Hello!
>
> Our organization has since June had problems with samba on our web server
> incrementing keytab version numbers every month - precisely every month. Since
> apache2 with mod_auth_kerb isn't made aware of this, all our web sites go 503.
> The manual solution has been exporting new keytabs and reloading apache, but we
> haven't figured out why the KVNOS are incremented in the first place.
Samba, for security, changes the machine account password periodically.
The issue, I think, is that you have a distinct keytab for apache,
rather than a link to the Samba one.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list