NFS4, krb5 and Apache UserDir

We have nfs4 mounted home directories, using kerb5 authentication.

Problem is, the apache user wasn’t kerberos authenticated so could not read any of the home directories. Which of course means no user homepages.

The fix is easy, but I could not find it documented so it took me a while. I do not know if you need it, but I have mod_auth_kerb5 installed, and it pointed me to the solution.

Basically add a kerberos principle for HTTP/fqdn.

kadmin> addprinc -randkey HTTP/server.domain.com

Then put this into a keytab 

kadmin> ktadd -k /etc/httpd/conf/keytab HTTP/server.domain.com

The keytab needs to be readable by apache. Restart httpd and user homepages should work.