
I'm trying to figure out how to implement Kerberos for SSO on sites that are using name-based vhosts on Apache (Linux server).

E.g., let's say that I have domains a.com and b.com. Both are set as CNAMEs of the domain c.com in DNS (trying to save IPs).

The Apache vhost for domain c.com contains all the info needed for Kerberos (keytab location, etc.). The keytab/principal are created for the domain c.com.

Domains a.com and b.com have their own vhosts but without the Kerberos part in the configuration. (Note: a.com and b.com are set in DNS as CNAMEs to c.com.)

When I try the websites using HTTP, everything works fine and there are no errors.
But when I try to access the websites using HTTPS, Kerberos doesn't work on the websites a.com and b.com.
The error I get in the log is:

gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, )

The SSL certificate that I'm using is a wildcard for .com (in this example), so that part works fine.

Does anyone know why Kerberos would work over HTTP and not over HTTPS in this case? Is there any difference in how name-based vhosts work when being accessed over HTTPS instead of HTTP?

0 Answers