author Simo Sorce <simo@redhat.com> 2015-03-09 10:46:55 -0400
committer Simo Sorce <simo@redhat.com> 2015-03-09 10:46:55 -0400
commit d11c2c952df6b232b17a26f8433d4919589649ad (patch)
tree 7afefc36b81ded10d0ceea23cedeb851d82739dd /README
parent e6d9a30c889fe042cf3ad5073519f348dbe924f0 (diff)
Documentation fixes
Fix GssapiDelegCcacheDir examples and add all the required options to make GssapiUseS4U2Proxy really work. Thanks to David Kupka for testing that highlighted these issues.
Diffstat (limited to 'README')
-rw-r--r-- README 11
1 files changed, 9 insertions, 2 deletions
diff --git a/README b/README
index 6c37412..e23f745 100644
--- a/README
+++ b/README
@@ -152,7 +152,7 @@ principal and the subprocess environment variable KRB5CCNAME will be set
to point to that file.
Example:
- GssapiDelegCcacheDir = /var/run/httpd/clientcaches
+ GssapiDelegCcacheDir /var/run/httpd/clientcaches
A user foo@EXAMPLE.COM delegating its credentials would cause the server to
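Review bot: The corrected example line (GssapiDelegCcacheDir /var/run/httpd/clientcaches) still gives no guidance on ownership or mode for that directory, even though the surrounding text says the delegated credentials end up in a file there and are exposed to subprocesses through KRB5CCNAME. Suggest adding a sentence to the README saying the directory has to be writable by the httpd user and should not be readable by other local users. Dropping the "=" is consistent with the other example in this file (GssapiUseS4U2Proxy On).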
@@ -171,7 +171,14 @@ ticket by the application.
Example:
GssapiUseS4U2Proxy On
- GssapiDelegCcacheDir = /var/run/httpd/clientcaches
+ GssapiCredStore keytab:/etc/httpd.keytab
+ GssapiCredStore client_keytab:/etc/httpd.keytab
+ GssapiCredStore ccache:FILE:/var/run/httpd/krb5ccache
+ GssapiDelegCcacheDir /var/run/httpd/clientcaches
+
+NOTE: The client keytab is necessary to allow GSSAPI to initate via keytab
+on its own. If not present an external mechanism needs to kinit with the
+keytab and store a ccache in the configured ccache file.
### GssapiBasicAuth
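Review bot: Typo in the added NOTE: "initate" should be "initiate", and "initiate via keytab on its own" does not say what is being initiated; wording such as "to let GSSAPI acquire its own credentials from the keytab" would be clearer. The example also points both keytab: and client_keytab: at /etc/httpd.keytab without saying that reusing the same file is intentional, and the NOTE does not say whether the ccache: path under /var/run/httpd needs to be writable by the server. One sentence on each would save readers from guessing.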