From 7e33a3a2df613ecdfd49d621f7cc7a6424d4f96f Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 14 Apr 2015 11:49:00 -0400
Subject: Use mod_auth_gssapi instead of mod_auth_kerb

Change configuration on new installs only.

Enable GssapiLocalName so we have access to the local name in
REMOTE_USER and the full principle in GSS_NAME.

Enable GssapiSSLonly even though SSLRequireSSL is also set.
The belt and suspenders principla.

https://fedorahosted.org/ipsilon/ticket/89

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
---
 README | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'README')

diff --git a/README b/README
index dc4dae8..8b4f291 100644
--- a/README
+++ b/README
@@ -29,8 +29,8 @@ Prerequisites:
 - An unprivileged user to run the Ipsilon code (defaults to 'ipsilon')
 
 Currently there are only two available authentication modules, Kerberos and
-PAM. The Kerberos module uses mod_auth_kerb (which it will configure for you at
-install time), the Pam module simply uses the PAM stack with a default service
+PAM. The Kerberos module uses mod_auth_gssapi (which it will configure for
+you at install time), the Pam module simply uses the PAM stack with a default service
 name set to 'remote'.
 
 NOTE: The PAM module is invoked as an unprivileged user so if you are using the
-- 
cgit