Hi Kevin,

Thank you for the help !!
My comments are integrated below

Ido Levy

"Kevin S. Sumner" wrote on 19/02/2008 17:07:02:

> Hi Ido,
>
> The modauthkerb website says you need an extention for "Mozilla" (I'm
> assuming the Mozilla Suite and Firefox) to do ticket-passing
> authentication*. We have it setup for doing username and password
> authentication right now and it works quite well. The configuration for

a
> .htaccess is a little strange. Here's a sample:
>
> [snip]
> AuthType Kerberos
> KrbMethodNegotiate Off
> KrbServiceName HTTP
> Krb5Keytab /path/to/keytab
> AuthName "physics.unc.edu"
> KrbVerifyKDC off
> KrbAuthRealms PHYSICS.UNC.EDU
> require user user1@PHYSICS.UNC.EDU
> require user user2@PHYSICS.UNC.EDU
> SSLRequireSSL
> [/snip]
>
> You probably want to turn on the KrbMethodNegotiate. This is working now


> and has been working for a few years with only minor modifications when

we
> upgrade modauthkerb. We have also successfully used "require valid-user"


> to do authentication for any user in our realm.


I tried the valid-user value and it works fine and suits my needs.:


> If your .htaccess seems to not be working, you may need to fix your
> AllowOverride line for your DocumentRoot or some directory under that

where
> you want to do authetication. Once AllowOverride is set correctly, you
> should be able to use .htaccess files without trouble. Can you use
> "AuthType Basic", or any other AuthType, currently?


Following your advice I set "AllowOverride All AuthConfig" for the
DocumentRoot
and it helps saving the efforts to insert a line for each directory I want
to allow access to.

>
> *NegotiateAuth is here: http://negotiateauth.mozdev.org/ but it looks

like
> Linux/i386 only.
>
> Hope this helps!
> Kevin
> -----
> Kevin Sumner
> ksumner@physics.unc.edu
> (919) 962-6494
> Assistant Systems Administrator
> Physics and Astronomy Networking Infrastructure and Computing
> University of North Carolina at Chapel Hill
>
>
> On Tue, 19 Feb 2008, Ido Levy wrote:
>
> >
> > Hello All,
> >
> > I am looking for a way to enable users to get access to their space

through
> > the web browser.
> > I would like to integrate it with our Kerberized SSO environment as

well.
> > I tried this module http://modauthkerb.sourceforge.net/ but I have
> > encounter some issues:
> >
> > 1) I didn't succeed in configuring SSO
> >
> > For each access through the web browser I have been asked for user
> > and password although
> > I already had a valid ticket
> >
> > 2) The .htaccess file must be used to control access to each directory.
> >
> > For each space I would like to give an access I have to create
> > an .htaccess file and
> > add an entry in the apcahe configuration file as well
> >
> > Does anyone have experience with this issue ?
> > Are there any other Kerberos modules for apache that better suits my
> > needs ?
> >
> >
> > Thanks,
> >
> > Ido Levy
> >
> > ________________________________________________
> > Kerberos mailing list Kerberos@mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> >
> > --
> >
> >