Hi Ido,

The modauthkerb website says you need an extention for "Mozilla" (I'm
assuming the Mozilla Suite and Firefox) to do ticket-passing
authentication*. We have it setup for doing username and password
authentication right now and it works quite well. The configuration for a
..htaccess is a little strange. Here's a sample:

AuthType Kerberos
KrbMethodNegotiate Off
KrbServiceName HTTP
Krb5Keytab /path/to/keytab
AuthName "physics.unc.edu"
KrbVerifyKDC off
require user user1@PHYSICS.UNC.EDU
require user user2@PHYSICS.UNC.EDU

You probably want to turn on the KrbMethodNegotiate. This is working now
and has been working for a few years with only minor modifications when we
upgrade modauthkerb. We have also successfully used "require valid-user"
to do authentication for any user in our realm.

If your .htaccess seems to not be working, you may need to fix your
AllowOverride line for your DocumentRoot or some directory under that where
you want to do authetication. Once AllowOverride is set correctly, you
should be able to use .htaccess files without trouble. Can you use
"AuthType Basic", or any other AuthType, currently?

*NegotiateAuth is here: http://negotiateauth.mozdev.org/ but it looks like
Linux/i386 only.

Hope this helps!
Kevin Sumner
(919) 962-6494
Assistant Systems Administrator
Physics and Astronomy Networking Infrastructure and Computing
University of North Carolina at Chapel Hill

On Tue, 19 Feb 2008, Ido Levy wrote:

> Hello All,
> I am looking for a way to enable users to get access to their space through
> the web browser.
> I would like to integrate it with our Kerberized SSO environment as well.
> I tried this module http://modauthkerb.sourceforge.net/ but I have
> encounter some issues:
> 1) I didn't succeed in configuring SSO
> For each access through the web browser I have been asked for user
> and password although
> I already had a valid ticket
> 2) The .htaccess file must be used to control access to each directory.
> For each space I would like to give an access I have to create
> an .htaccess file and
> add an entry in the apcahe configuration file as well
> Does anyone have experience with this issue ?
> Are there any other Kerberos modules for apache that better suits my
> needs ?
> Thanks,
> Ido Levy
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> --