TWiki> LinuxSupport Web>LinuxSupport>LinuxSupportFAQ>KerberosAuthWWW (2008-11-26, JanIven) EditAttachPDF
Linux Support FAQ entry 03 Jul 2006, logged in as JanIven
LinuxSupportFAQForm
SupportProblem How to set up a web site with Kerberos (GSSAPI / SPNEGO) authentication on SLC4
SupportAnswer (example host is asis-w8)

# yum install httpd mod_auth_kerb

(open firewall for 443/tcp)

# arc -h afsdb1 kas ext HTTP/asis-w8.cern.ch > /tmp/krb5.keytab.apache # needs TGT+special permissions (you may need to extract the unqualified hostname as well.)

# install -m 0400 -o apache -g apache /tmp/krb5.keytab.apache /etc/httpd/

(make sure you have "!AllowOverride AuthConfig" for your web directory) 

# cat >/var/www/html/.htaccess <EOF
AuthType Kerberos
KrbMethodNegotiate on
KrbMethodK5Passwd on
Krb5Keytab /etc/httpd/krb5.keytab.apache
AuthName "Kerberos / AFS password"
Require              valid-user
EOF

(Mozilla/Firefox browsers still need to set the two preferences "network.negotiate-auth.delegation-uris", "network.negotiate-auth.trusted-uris" to enable GSSAPI/SPNEGO)

OsVersion all
HardwareArchitecture any
ApprovedBySupport SupportApproved
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2008-11-26 - JanIven
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LinuxSupport All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright &© 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback