Kerberized Apache
Sebastian Hanigk
hanigk at in.tum.de
Tue Feb 19 11:16:49 EST 2008
Ido Levy <IDOL at il.ibm.com> writes:
> I am looking for a way to enable users to get access to their space through
> the web browser.
> I would like to integrate it with our Kerberized SSO environment as well.
> I tried this module http://modauthkerb.sourceforge.net/ but I have
> encounter some issues:
Using mod_auth_gss
(<http://cvs.opensolaris.org/source/raw/sfwnv/test_stevel/usr/src/cmd/apache2/mod_auth_gss/mod_auth_gss.c>,
install with "apxs -c -i -l gss mod_auth_gss.c") I have apache-2.2.8
running with authentication via Kerberos. While mod_auth_kerb has the
advantage of providing a username/password fallback, I haven't compiled
it under Solaris.
For an authentication needing part of your website you could either put
these directives into a .htaccess file (assuming that your httpd
configuration allows authentication override) or a directory or location
section:
AuthType GSSAPI
AuthGssServiceName HTTP
AuthGssKeytabFile /opt/apache/2.2.8/conf/http.keytab
AuthGssDebug 0
require valid-user
The username - should you need to specifiy access only for select users
- is the Kerberos principal.
Sebastian
More information about the Kerberos
mailing list