Special thanks to the guys who invented mod_auth_kerb. I removed the PAM authentification modules, which I only used as wrapper to get Kerberos auth through PAM and replaced it with mod_auth_kerb.
Here is the small configuration:
Krb5Keytab /etc/apache2/krb5.keytab
KrbAuthRealms G00SE.ORG
KrbServiceName HTTP
<Directory /x>
AuthType Kerberos
Require valid-user
</Directory>
That's all! Cool.
The Firefox bundled into my OpenSUSE 10.3 does already contain all necessary configurations. I only needed to add g00se.org to network.negotiate-auth.trusted-uris in about:config. So he does accept the offer to do GSSAPI authentification with these URIS. And that's pretty cool. At least I need to figure a way to get my M$ system use such cool stuff.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.