1 # Testing Apache supporting the Negotiate authentication
4 # apt-get install apache2-prefork-dev
6 ## Build and install the mod_auth_gssapi module
8 ### Checkout the code and build it
9 The CVS should be mirrored to the Moonshot repository, however, at the moment
10 a direct link to SourceForge is used:
12 $ cvs -d :pserver:anonymous@modauthkerb.cvs.sourceforge.net:/cvsroot/modauthkerb co -r moonshot_branch mod_auth_kerb
18 ### Configure the module
19 # a2enmod auth_gssapi (or create the symlinks manually)
21 # cat > /etc/apache2/conf.d/moonshot << EOF
22 <Directory "/var/www/moonshot/">
25 AddHandler cgi-script .cgi
30 ### Add a fake kerberos key to make the module happy
32 ktutil: addent -password -p HTTP/localhost@PROJECT-MOONSHOT.ORG -k 1 -e aes256-cts
33 ktutil: wkt /etc/apache2/krb5.keytab
35 chown www-data /etc/apache2/krb5.keytab
36 # echo export KRB5_KTNAME=/etc/apache2/krb5.keytab >> /etc/apache2/envvars
38 # /etc/init.d/apache2 restart
40 ### Prepare a CGI to test the username gets passed
41 # mkdir /var/www/moonshot
42 # cat > /var/www/moonshot/hello.cgi << EOF
44 echo "Content-Type: text/html"
46 echo "You've been authenticated as \"$REMOTE_USER\", congratulations."
49 ### Test the authentication using the simple client
50 $ cd mod_auth_kerb/client && make
51 $ ./http_client -m "{1.3.6.1.4.1.5322.22.1.18}" --user steve@local --password testing http://localhost/moonshot/hello.cgi
52 Should output a few lines of EAP debugging followed by:
54 Negotiate done: {1.3.6.1.4.1.5322.22.1.18}
56 Target: HTTP/localhost@
57 You've been authenticated as "steve@local", nice to meet you.