LinuxSupportFAQForm | |
---|---|
SupportProblem | How to set up a web site with Kerberos (GSSAPI / SPNEGO) authentication on SLC4 |
SupportAnswer |
(example host is asis-w8)
# yum install httpd mod_auth_kerb
(open firewall for 443/tcp)
# arc -h afsdb1 kas ext HTTP/asis-w8.cern.ch > /tmp/krb5.keytab.apache # needs TGT+special permissions
(you may need to extract the unqualified hostname as well.)
# install -m 0400 -o apache -g apache /tmp/krb5.keytab.apache /etc/httpd/
(make sure you have "!AllowOverride AuthConfig" for your web directory)
# cat >/var/www/html/.htaccess <EOF AuthType Kerberos KrbMethodNegotiate on KrbMethodK5Passwd on Krb5Keytab /etc/httpd/krb5.keytab.apache AuthName "Kerberos / AFS password" Require valid-user EOF(Mozilla/Firefox browsers still need to set the two preferences "network.negotiate-auth.delegation-uris", "network.negotiate-auth.trusted-uris" to enable GSSAPI/SPNEGO) |
OsVersion | all |
HardwareArchitecture | any |
ApprovedBySupport | SupportApproved |