the connection in order to keep the state between round-trips. With this option
enable incomplete context are store in the connection and retrieved on the next
request for continuation.
-When using this option you may also ant to set the Persistent-Auth header for
-those clients that make use of it.
Example:
GssapiConnectionBound On
- Header set Persistent-Auth "true"
+
+
+### GssapiSignalPersistentAuth
+For clients that make use of Persistent-Auth header, send the header according
+to GssapiConnectionBound setting.
+
+Example:
+ GssapiSignalPersistentAuth On
### GssapiUseSessions
GssapiCredStore keytab:/etc/httpd/http.keytab
Require valid-user
</Location>
+
+
+### GssapiAllowedMech
+
+List of allowed mechanisms. This is useful to restrict the mechanism that
+can be used when credentials for multiple mechanisms are available.
+By default no mechanism is set, this means all locally available mechanisms
+are allowed. The recognized mechanism names are: krb5, iakerb, ntlmssp
+
+Example:
+ GssapiAllowedMech krb5
+ GssapiAllowedMech ntlmssp
+
+
+### GssapiBasicAuthMech
+
+List of mechanisms against which Basic Auth is attempted. This is useful to
+restrict the mechanisms that can be used to attaempt password auth.
+By default no mechanism is set, this means all locally available mechanisms
+are allowed, unless GssapiAllowedMech is set, in which case those are used.
+GssapiBasicAuthMech always takes precendence over GssapiAllowedMech.
+The recognized mechanism names are: krb5, iakerb, ntlmssp
+
+Example:
+ GssapiBasicAuthMech krb5
projects / mod_auth_gssapi.git / blobdiff