keytab to prevent KDC spoofing atacks. It should be used only for testing
purposes. You have been warned.
-KrbServiceName service (set to HTTP by default)
- For specification the service name that will be used by Apache for
- authentication. Corresponding key of this name must be stored in the keytab.
+KrbServiceName server_principal
+ Specifies a principal name to use by Apache when authenticating the clients.
+ By default value of the form
+ HTTP/<FQDN_of_apache>@<realm>
+ is used. The FQDN part can contain any hostname and can be used to work
+ around problems with misconfigured DNS. A corresponding key of this name
+ must be stored in the keytab.
+ If this option is set to 'Any', then any prinicpal from the keytab which
+ matches the client's request may be used.
Krb4Srvtab /path/to/srvtab
This option takes one argument, specifying the path to the Kerberos V4
authentication scheme in Apache (Apache 2.1 seems to provide better support
for multiple various authentication mechanisms).
+KrbLocalUserMapping on | off (set to off by default)
+ When enabled, modul will try to translate authenticated username to local
+ name, which can be used by applications requiring an environment-specific
+ name (e.g. user account name). Simply, the realm name will be stripped out.
+
Note on server principals
-------------------------
Now you have to create an service key for the module, which is needed to