From 7e33a3a2df613ecdfd49d621f7cc7a6424d4f96f Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 14 Apr 2015 11:49:00 -0400
Subject: Use mod_auth_gssapi instead of mod_auth_kerb

Change configuration on new installs only.

Enable GssapiLocalName so we have access to the local name in
REMOTE_USER and the full principle in GSS_NAME.

Enable GssapiSSLonly even though SSLRequireSSL is also set.
The belt and suspenders principla.

https://fedorahosted.org/ipsilon/ticket/89

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
---
 doc/design.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'doc')

diff --git a/doc/design.txt b/doc/design.txt
index 44699c5..08830d2 100644
--- a/doc/design.txt
+++ b/doc/design.txt
@@ -29,7 +29,7 @@ Architecture
 
 Ipsilon is mostly a web service builtin in python on the cherrypy framework.
 It is normally installed and run in an apache server and some plugins depend
-on authentication modules available in apache like mod_auth_kerb.
+on authentication modules available in apache like mod_auth_gssapi.
 
 Each authentication method is chained to the next in line so that automatic
 fallback can happen and multiple authentication methods can be employed at
-- 
cgit