(no commit message)
authorhttps://www.google.com/accounts/o8/id?id=AItOawm_gIgjzml0PLxoLQf9mEu2JK0rzUNAO4s <Daniel@web>
Mon, 28 Mar 2011 20:31:21 +0000 (16:31 -0400)
committerwww-data <www-data@project-moonshot.org>
Mon, 28 Mar 2011 20:31:21 +0000 (16:31 -0400)
testing/apache.mdwn [new file with mode: 0644]

diff --git a/testing/apache.mdwn b/testing/apache.mdwn
new file mode 100644 (file)
index 0000000..b568ee4
--- /dev/null
@@ -0,0 +1,57 @@
+# Testing Apache supporting the Negotiate authentication
+
+## Prerequsities
+    # apt-get install apache2-prefork-dev
+
+## Build and install the mod_auth_gssapi module
+
+### Checkout the code and build it
+The CVS should be mirrored to the Moonshot repository, however, at the moment
+a direct link to SourceForge is used:
+
+    $ cvs -d :pserver:anonymous@modauthkerb.cvs.sourceforge.net:/cvsroot/modauthkerb co -r moonshot_branch mod_auth_kerb
+    $ cd mod_auth_kerb
+    $ autoconf
+    $ ./configure && make
+    # make install
+
+### Configure the module
+    # a2enmod auth_gssapi (or create the symlinks manually)
+
+    # cat > /etc/apache2/conf.d/moonshot << EOF
+    <Directory "/var/www/moonshot/">
+        AuthType GSSAPI
+        Require valid-user
+        AddHandler cgi-script .cgi
+        Options +ExecCGI
+    </Directory>
+    EOF
+
+### Add a fake kerberos key to make the module happy
+    # ktutil
+    ktutil:  addent -password -p HTTP/localhost@PROJECT-MOONSHOT.ORG -k 1 -e aes256-cts
+    ktutil:  wkt /etc/apache2/krb5.keytab
+    ktutil:  quit
+    chown www-data /etc/apache2/krb5.keytab
+    # echo export KRB5_KTNAME=/etc/apache2/krb5.keytab >> /etc/apache2/envvars
+
+    # /etc/init.d/apache2 restart
+
+### Prepare a CGI to test the username gets passed
+    # mkdir /var/www/moonshot
+    # cat > /var/www/moonshot/hello.cgi << EOF
+    #!/bin/sh
+    echo "Content-Type: text/html"
+    echo ""
+    echo "You've been authenticated as \"$REMOTE_USER\", congratulations."
+    EOF
+
+### Test the authentication using the simple client
+    $ cd mod_auth_kerb/client && make
+    $ ./http_client -m "{1.3.6.1.4.1.5322.22.1.18}" --user steve@local --password testing http://localhost/moonshot/hello.cgi
+Should output a few lines of EAP debugging followed by:
+    
+    Negotiate done: {1.3.6.1.4.1.5322.22.1.18}
+    Source: steve@local
+    Target: HTTP/localhost@
+    You've been authenticated as "steve@local", nice to meet you.
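Review bot: In the "Prepare a CGI" step the here-document uses an unquoted delimiter, so the shell running `cat` expands `$REMOTE_USER` while writing the file and hello.cgi ends up printing an empty name instead of the authenticated user; quoting the delimiter, `# cat > /var/www/moonshot/hello.cgi << 'EOF'`, keeps the script text literal. The steps also never make the script executable, so a `# chmod 755 /var/www/moonshot/hello.cgi` line is needed before the test. Since the script echoes the client-supplied identity back unescaped, `echo "Content-Type: text/plain"` is the safer header for a test page. The expected output ends in "nice to meet you" while the script prints "congratulations", so one of the two should be corrected. The keytab step sets only the owner, so adding `chmod 600 /etc/apache2/krb5.keytab` would keep the key unreadable by other local users if the default mode is permissive.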