X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_gssapi.git;a=blobdiff_plain;f=README;h=93a90b86225e7f84f10cbe316d4a20d1980751cd;hp=e23f745893b6e16055b81c17f2c1f493a00b083b;hb=c27219caa2d75baf854b1535eb222d679fbe4fcd;hpb=d11c2c952df6b232b17a26f8433d4919589649ad diff --git a/README b/README index e23f745..93a90b8 100644 --- a/README +++ b/README @@ -89,12 +89,17 @@ authentication (like NTLMSSP) it is necessary to bind to the authentication to the connection in order to keep the state between round-trips. With this option enable incomplete context are store in the connection and retrieved on the next request for continuation. -When using this option you may also ant to set the Persistent-Auth header for -those clients that make use of it. Example: GssapiConnectionBound On - Header set Persistent-Auth "true" + + +### GssapiSignalPersistentAuth +For clients that make use of Persistent-Auth header, send the header according +to GssapiConnectionBound setting. + +Example: + GssapiSignalPersistentAuth On ### GssapiUseSessions @@ -199,3 +204,28 @@ Example: GssapiCredStore keytab:/etc/httpd/http.keytab Require valid-user + + +### GssapiAllowedMech + +List of allowed mechanisms. This is useful to restrict the mechanism that +can be used when credentials for multiple mechanisms are available. +By default no mechanism is set, this means all locally available mechanisms +are allowed. The recognized mechanism names are: krb5, iakerb, ntlmssp + +Example: + GssapiAllowedMech krb5 + GssapiAllowedMech ntlmssp + + +### GssapiBasicAuthMech + +List of mechanisms against which Basic Auth is attempted. This is useful to +restrict the mechanisms that can be used to attaempt password auth. +By default no mechanism is set, this means all locally available mechanisms +are allowed, unless GssapiAllowedMech is set, in which case those are used. +GssapiBasicAuthMech always takes precendence over GssapiAllowedMech. +The recognized mechanism names are: krb5, iakerb, ntlmssp + +Example: + GssapiBasicAuthMech krb5