From: https://www.google.com/accounts/o8/id?id=AItOawm_gIgjzml0PLxoLQf9mEu2JK0rzUNAO4s
Date: Mon, 28 Mar 2011 20:31:21 +0000 (-0400)
Subject: (no commit message)
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=devwiki.git;a=commitdiff_plain;h=e41052021bcfcbd96c0d47d7b4c46afe1a2dbbf6
---
diff --git a/testing/apache.mdwn b/testing/apache.mdwn
new file mode 100644
index 0000000..b568ee4
--- /dev/null
+++ b/testing/apache.mdwn
@@ -0,0 +1,57 @@
+# Testing Apache supporting the Negotiate authentication
+
+## Prerequsities
+ # apt-get install apache2-prefork-dev
+
+## Build and install the mod_auth_gssapi module
+
+### Checkout the code and build it
+The CVS should be mirrored to the Moonshot repository, however, at the moment
+a direct link to SourceForge is used:
+
+ $ cvs -d :pserver:anonymous@modauthkerb.cvs.sourceforge.net:/cvsroot/modauthkerb co -r moonshot_branch mod_auth_kerb
+ $ cd mod_auth_kerb
+ $ autoconf
+ $ ./configure && make
+ # make install
+
+### Configure the module
+ # a2enmod auth_gssapi (or create the symlinks manually)
+
+ # cat > /etc/apache2/conf.d/moonshot << EOF
+
+ AuthType GSSAPI
+ Require valid-user
+ AddHandler cgi-script .cgi
+ Options +ExecCGI
+
+ EOF
+
+### Add a fake kerberos key to make the module happy
+ # ktutil
+ ktutil: addent -password -p HTTP/localhost@PROJECT-MOONSHOT.ORG -k 1 -e aes256-cts
+ ktutil: wkt /etc/apache2/krb5.keytab
+ ktutil: quit
+ chown www-data /etc/apache2/krb5.keytab
+ # echo export KRB5_KTNAME=/etc/apache2/krb5.keytab >> /etc/apache2/envvars
+
+ # /etc/init.d/apache2 restart
+
+### Prepare a CGI to test the username gets passed
+ # mkdir /var/www/moonshot
+ # cat > /var/www/moonshot/hello.cgi << EOF
+ #!/bin/sh
+ echo "Content-Type: text/html"
+ echo ""
+ echo "You've been authenticated as \"$REMOTE_USER\", congratulations."
+ EOF
+
+### Test the authentication using the simple client
+ $ cd mod_auth_kerb/client && make
+ $ ./http_client -m "{1.3.6.1.4.1.5322.22.1.18}" --user steve@local --password testing http://localhost/moonshot/hello.cgi
+Should output a few lines of EAP debugging followed by:
+
+ Negotiate done: {1.3.6.1.4.1.5322.22.1.18}
+ Source: steve@local
+ Target: HTTP/localhost@
+ You've been authenticated as "steve@local", nice to meet you.