On Thu, Aug 13, 2020 at 07:10:42AM -0400, Rita wrote: > I created a user keytab. I use curl to authenticate against a web server. > `curl -u : --negotitate` it works randomly (about 33% accuracy). I am > trying to figure out if its a webserver issue or kerberos issue. Is there > anything else I can do?
There's (at least) a couple things that can come into play for this sort of scenario (not least because HTTP Negotiate violates some fundamental assumptions about message- vs. connection-oriented): Does the web server's hostname have multiple IP addresses in the DNS? (Is reverse DNS used for principal canonicalization by the krb5 library? The default is "yes" in many versions.) Does the web server have a pool of backend servers behind a load balancer? -Ben ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
