Kerberized Apache

Kevin S. Sumner ksumner at physics.unc.edu
Tue Feb 19 10:07:02 EST 2008


Hi Ido,

The modauthkerb website says you need an extension for "Mozilla" (I'm 
assuming the Mozilla Suite and Firefox) to do ticket-passing 
authentication*.  We have it set up for doing username and password 
authentication right now and it works quite well.  The configuration for a 
.htaccess is a little strange.  Here's a sample:

[snip]
AuthType Kerberos
KrbMethodNegotiate Off
KrbServiceName HTTP
Krb5Keytab /path/to/keytab
AuthName "physics.unc.edu"
KrbVerifyKDC off
KrbAuthRealms PHYSICS.UNC.EDU
require user user1@PHYSICS.UNC.EDU
require user user2@PHYSICS.UNC.EDU
SSLRequireSSL
[/snip]

You probably want to turn on the KrbMethodNegotiate.  This is working now 
and has been working for a few years with only minor modifications when we 
upgrade modauthkerb.  We have also successfully used "require valid-user" 
to do authentication for any user in our realm.

If your .htaccess seems to not be working, you may need to fix your 
AllowOverride line for your DocumentRoot or some directory under that where 
you want to do authentication.  Once AllowOverride is set correctly, you 
should be able to use .htaccess files without trouble.  Can you use 
"AuthType Basic", or any other AuthType, currently?

*NegotiateAuth is here: http://negotiateauth.mozdev.org/ but it looks like 
Linux/i386 only.

Hope this helps!
Kevin
-----
Kevin Sumner
ksumner at physics.unc.edu
(919) 962-6494
Assistant Systems Administrator
Physics and Astronomy Networking Infrastructure and Computing
University of North Carolina at Chapel Hill


On Tue, 19 Feb 2008, Ido Levy wrote:

>
> Hello All,
>
> I am looking for a way to enable users to get access to their space through
> the web browser.
> I would like to integrate it with our Kerberized SSO environment as well.
> I tried this module http://modauthkerb.sourceforge.net/ but I have
> encountered some issues:
>
> 1) I didn't succeed in configuring SSO
>
>      For each access through the web browser I have been asked for user
> and password although
>      I already had a valid ticket
>
> 2) The .htaccess file must be used to control access to each directory.
>
>      For each space I would like to give access to, I have to create
> an .htaccess file and
>      add an entry in the Apache configuration file as well
>
> Does anyone have experience with this issue?
> Are there any other Kerberos modules for Apache that better suit my
> needs?
>
>
> Thanks,
>
> Ido Levy
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
> -- 
>
>
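
An added example, not part of the original message or the mod_auth_kerb documentation: the sample above moved into the main server configuration, with ticket (Negotiate) authentication and KDC verification turned on and no per-directory .htaccess. The directory path /var/www/users is hypothetical, and the keytab path is the placeholder used in the message.

```apache
# Added example. /var/www/users is a hypothetical path; /path/to/keytab is
# the placeholder from the message and must point at a keytab holding the
# HTTP/<server-fqdn>@PHYSICS.UNC.EDU service key, readable only by Apache.
<Directory "/var/www/users">
    # The policy is defined here, so .htaccess files are not consulted.
    # To delegate auth settings to .htaccess instead, use:
    #   AllowOverride AuthConfig
    AllowOverride None

    # Refuse plain HTTP: the password fallback below sends credentials
    # in a Basic-style header that is only protected by TLS.
    SSLRequireSSL

    AuthType Kerberos
    AuthName "physics.unc.edu"
    KrbServiceName HTTP
    Krb5Keytab /path/to/keytab
    KrbAuthRealms PHYSICS.UNC.EDU

    # Accept an existing ticket from the browser (SPNEGO). With this Off,
    # every request falls back to a username/password prompt.
    KrbMethodNegotiate On

    # Keep the password prompt for clients that have no ticket.
    # Set to Off to allow ticket-based logins only.
    KrbMethodK5Passwd On

    # After a password login, check the KDC's reply against the local
    # keytab so that a spoofed KDC cannot vouch for an arbitrary user.
    KrbVerifyKDC On

    # Any principal in PHYSICS.UNC.EDU; list "Require user ..." lines
    # instead to restrict access to named principals.
    Require valid-user
</Directory>
```

A browser sends a ticket only to sites it has been told to trust for Negotiate (in Firefox, the `network.negotiate-auth.trusted-uris` preference), so a client that holds a valid ticket can still be prompted for a password until that is set.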


