Hi Kevin, Thank you for the help !! My comments are integrated below
Ido Levy "Kevin S. Sumner" <[EMAIL PROTECTED]> wrote on 19/02/2008 17:07:02: > Hi Ido, > > The modauthkerb website says you need an extention for "Mozilla" (I'm > assuming the Mozilla Suite and Firefox) to do ticket-passing > authentication*. We have it setup for doing username and password > authentication right now and it works quite well. The configuration for a > .htaccess is a little strange. Here's a sample: > > [snip] > AuthType Kerberos > KrbMethodNegotiate Off > KrbServiceName HTTP > Krb5Keytab /path/to/keytab > AuthName "physics.unc.edu" > KrbVerifyKDC off > KrbAuthRealms PHYSICS.UNC.EDU > require user [EMAIL PROTECTED] > require user [EMAIL PROTECTED] > SSLRequireSSL > [/snip] > > You probably want to turn on the KrbMethodNegotiate. This is working now > and has been working for a few years with only minor modifications when we > upgrade modauthkerb. We have also successfully used "require valid-user" > to do authentication for any user in our realm. I tried the valid-user value and it works fine and suits my needs.: > If your .htaccess seems to not be working, you may need to fix your > AllowOverride line for your DocumentRoot or some directory under that where > you want to do authetication. Once AllowOverride is set correctly, you > should be able to use .htaccess files without trouble. Can you use > "AuthType Basic", or any other AuthType, currently? Following your advice I set "AllowOverride All AuthConfig" for the DocumentRoot and it helps saving the efforts to insert a line for each directory I want to allow access to. > > *NegotiateAuth is here: http://negotiateauth.mozdev.org/ but it looks like > Linux/i386 only. > > Hope this helps! > Kevin > ----- > Kevin Sumner > [EMAIL PROTECTED] > (919) 962-6494 > Assistant Systems Administrator > Physics and Astronomy Networking Infrastructure and Computing > University of North Carolina at Chapel Hill > > > On Tue, 19 Feb 2008, Ido Levy wrote: > > > > > Hello All, > > > > I am looking for a way to enable users to get access to their space through > > the web browser. > > I would like to integrate it with our Kerberized SSO environment as well. > > I tried this module http://modauthkerb.sourceforge.net/ but I have > > encounter some issues: > > > > 1) I didn't succeed in configuring SSO > > > > For each access through the web browser I have been asked for user > > and password although > > I already had a valid ticket > > > > 2) The .htaccess file must be used to control access to each directory. > > > > For each space I would like to give an access I have to create > > an .htaccess file and > > add an entry in the apcahe configuration file as well > > > > Does anyone have experience with this issue ? > > Are there any other Kerberos modules for apache that better suits my > > needs ? > > > > > > Thanks, > > > > Ido Levy > > > > ________________________________________________ > > Kerberos mailing list [email protected] > > https://mailman.mit.edu/mailman/listinfo/kerberos > > > > > > -- > > > > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
