Michael C. Burns writes:
> I've been asked by people at my site whether or not they can authenticate
> for access to some of their web pages against our AFS/Kerberos server rather
> than everyone creating local htpasswd files. Poking around in
> the source code to NCSA's httpd I saw some references to Kerberos 4 and 5
> authentication, but can't find any documentation at NCSA on how to properly
> activate and use this Kerberos authentication other than "These other types
> of authentication will be discussed later".
>
> I sent a note to the folks at NCSA weeks ago asking how to use their
> Kerberos authentication hooks and whether anyone has made modifications for
> AFS, but have not received a reply back. I'm curious if anyone on this list
> has made modifications to NCSA's httpd to use AFS/Kerberos authentication
> and if they can share those changes.
We built the mosaic-2.7b1 last year to try it out.
I don't know if there are newer versions. It has support for
Kerberos 4 and Kerberos 5. Since the AFS kaserver can act as a K4 KDC,
which is what we do, we setup some tests to see if would work. It did.
We did make a mod to src/libwww2/CUkerb.c:
diff CUkerb.c CUkerb.orig.c
30c30
< krb5_auth_context *k5auth_context = 0;
---
> krb5_auth_context *k5auth_context;
136d135
< /*
138,139d136
< */
< sprintf(buf,"/usr/afsws/bin/klog -tmp -pr %s -pa %s 2>&1",username,password);
423c420
< code = krb5_init_context(&k5context);
---
> krb5_init_context(&k5context);
473c470
< k5in_creds.times.endtime = now ;
---
> k5in_creds.times.endtime = now + KRB5_DEFAULT_LIFE;
diff HTMIME.c HTMIME.orig.c
453,457d452
< /*
< HTMIME.c fix for the "left bracket not found: [KerberosV5]" bug.
< From: Conrad Damon ([EMAIL PROTECTED])
< */
< got_kerb = 0;
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444 <New Area Code 8/3/96>
PGP Key fingerprint = 20 2B 0C 78 43 8A 9C A6 29 F7 A3 6D 5E 30 A6 7F