X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=README;h=83ff54966cd140146585719388d9b6e9b202b6cf;hb=204ff980cc67c2c2c17f35cd87aaba646a9a2111;hp=9963158d5219f12d4b0f1db4de80af2c8044ee34;hpb=a114a6599bb4a1b40525052222340d65b6821caf;p=mod_auth_kerb.cvs%2F.git diff --git a/README b/README index 9963158..83ff549 100644 --- a/README +++ b/README @@ -59,9 +59,15 @@ KrbVerifyKDC on | off (set to on by default) keytab to prevent KDC spoofing atacks. It should be used only for testing purposes. You have been warned. -KrbServiceName service (set to HTTP by default) - For specification the service name that will be used by Apache for - authentication. Corresponding key of this name must be stored in the keytab. +KrbServiceName server_principal + Specifies a principal name to use by Apache when authenticating the clients. + By default value of the form + HTTP/@ + is used. The FQDN part can contain any hostname and can be used to work + around problems with misconfigured DNS. A corresponding key of this name + must be stored in the keytab. + If this option is set to 'Any', then any prinicpal from the keytab which + matches the client's request may be used. Krb4Srvtab /path/to/srvtab This option takes one argument, specifying the path to the Kerberos V4 @@ -87,6 +93,11 @@ KrbDelegateBasic on | off (set to off by default) authentication scheme in Apache (Apache 2.1 seems to provide better support for multiple various authentication mechanisms). +KrbLocalUserMapping on | off (set to off by default) + When enabled, modul will try to translate authenticated username to local + name, which can be used by applications requiring an environment-specific + name (e.g. user account name). Simply, the realm name will be stripped out. + Note on server principals ------------------------- Now you have to create an service key for the module, which is needed to
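Review bot: In the first hunk (KrbServiceName), the new 'Any' value is documented without stating its consequence for the keytab: every key stored there becomes an acceptable server identity, so the text should tell administrators to keep only the keys intended for this web server in that keytab. The default is shown as "HTTP/@" while the next sentence refers to "The FQDN part", so the placeholders for the host name and realm need to be spelled out in the form itself. The argument also changes from "service" to "server_principal" without saying whether an existing bare value such as "HTTP" is still accepted; please state that explicitly. Typo in the last added sentence: "prinicpal" should be "principal".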
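Review bot: In the second hunk (KrbLocalUserMapping), "Simply, the realm name will be stripped out" leaves out the security-relevant consequence: once the realm is dropped, principals with the same user part in different realms translate to the same local name, so the description should say that the option is only safe where a single realm is accepted or where user names are unique across all accepted realms. It would also help to say where the translated name is exposed to applications, since the text only says it "can be used by applications". Typo: "modul" should be "the module".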