[29297] in Kerberos
Re: Kerberized Apache
daemon@ATHENA.MIT.EDU (Sebastian Hanigk)
Tue Feb 19 11:31:55 2008
From: Sebastian Hanigk <hanigk@in.tum.de>
Date: Tue, 19 Feb 2008 17:16:49 +0100
Message-ID: <fpevdi$7sj$1@news.lrz-muenchen.de>
Mime-Version: 1.0
X-Complaints-To: newsmaster@lrz-muenchen.de
Mail-Copies-To: never
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Ido Levy <IDOL@il.ibm.com> writes:
> I am looking for a way to enable users to get access to their space through
> the web browser.
> I would like to integrate it with our Kerberized SSO environment as well.
> I tried this module http://modauthkerb.sourceforge.net/ but I have
> encounter some issues:
Using mod_auth_gss
(<http://cvs.opensolaris.org/source/raw/sfwnv/test_stevel/usr/src/cmd/apache2/mod_auth_gss/mod_auth_gss.c>,
install with "apxs -c -i -l gss mod_auth_gss.c") I have apache-2.2.8
running with authentication via Kerberos. While mod_auth_kerb has the
advantage of providing a username/password fallback, I haven't compiled
it under Solaris.
For an authentication needing part of your website you could either put
these directives into a .htaccess file (assuming that your httpd
configuration allows authentication override) or a directory or location
section:
AuthType GSSAPI
AuthGssServiceName HTTP
AuthGssKeytabFile /opt/apache/2.2.8/conf/http.keytab
AuthGssDebug 0
require valid-user
The username - should you need to specifiy access only for select users
- is the Kerberos principal.
Sebastian
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
