This is a discussion on Re: Kerberized Apache - Kerberos ; Hi Kevin, Thank you for the help !! My comments are integrated below Ido Levy "Kevin S. Sumner" wrote on 19/02/2008 17:07:02: > Hi Ido, > > The modauthkerb website says you need an extention for "Mozilla" (I'm > assuming ...
Thank you for the help !!
My comments are integrated below
"Kevin S. Sumner"
wrote on 19/02/2008 17:07:02:
> Hi Ido,
> The modauthkerb website says you need an extention for "Mozilla" (I'm
> assuming the Mozilla Suite and Firefox) to do ticket-passing
> authentication*. We have it setup for doing username and password
> authentication right now and it works quite well. The configuration for
> .htaccess is a little strange. Here's a sample:
> AuthType Kerberos
> KrbMethodNegotiate Off
> KrbServiceName HTTP
> Krb5Keytab /path/to/keytab
> AuthName "physics.unc.edu"
> KrbVerifyKDC off
> KrbAuthRealms PHYSICS.UNC.EDU
> require user user1@PHYSICS.UNC.EDU
> require user user2@PHYSICS.UNC.EDU
> You probably want to turn on the KrbMethodNegotiate. This is working now
> and has been working for a few years with only minor modifications when
> upgrade modauthkerb. We have also successfully used "require valid-user"
> to do authentication for any user in our realm.
I tried the valid-user value and it works fine and suits my needs.:
> If your .htaccess seems to not be working, you may need to fix your
> AllowOverride line for your DocumentRoot or some directory under that
> you want to do authetication. Once AllowOverride is set correctly, you
> should be able to use .htaccess files without trouble. Can you use
> "AuthType Basic", or any other AuthType, currently?
Following your advice I set "AllowOverride All AuthConfig" for the
and it helps saving the efforts to insert a line for each directory I want
to allow access to.
> *NegotiateAuth is here: http://negotiateauth.mozdev.org/ but it looks
> Linux/i386 only.
> Hope this helps!
> Kevin Sumner
> (919) 962-6494
> Assistant Systems Administrator
> Physics and Astronomy Networking Infrastructure and Computing
> University of North Carolina at Chapel Hill
> On Tue, 19 Feb 2008, Ido Levy wrote:
> > Hello All,
> > I am looking for a way to enable users to get access to their space
> > the web browser.
> > I would like to integrate it with our Kerberized SSO environment as
> > I tried this module http://modauthkerb.sourceforge.net/ but I have
> > encounter some issues:
> > 1) I didn't succeed in configuring SSO
> > For each access through the web browser I have been asked for user
> > and password although
> > I already had a valid ticket
> > 2) The .htaccess file must be used to control access to each directory.
> > For each space I would like to give an access I have to create
> > an .htaccess file and
> > add an entry in the apcahe configuration file as well
> > Does anyone have experience with this issue ?
> > Are there any other Kerberos modules for apache that better suits my
> > needs ?
> > Thanks,
> > Ido Levy
> > ________________________________________________
> > Kerberos mailing list Kerberos@mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> > --