Apache with Kerberos authentification
Dennis GuseSpecial thanks to the guys who invented mod_auth_kerb. I removed the PAM authentification modules, which I only used as wrapper to get Kerberos auth through PAM and replaced it with mod_auth_kerb. Here is the small configuration:
1
2
3
4
5
6
7
Krb5Keytab /etc/apache2/krb5.keytab
KrbAuthRealms G00SE.ORG
KrbServiceName HTTP
<Directory / >
AuthType Kerberos
Require valid-user
</Directory>
That’s all! Cool.
The Firefox bundled into my OpenSUSE 10.3 does already contain all necessary configurations. I only needed to add g00se.org *to *network.negotiate-auth.trusted-uris in about:config. So he does accept the offer to do GSSAPI authentification with these URIS. And that’s pretty cool.
At least I need to figure a way to get my M$ system use such cool stuff.