X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_gssapi.git;a=blobdiff_plain;f=README;h=e23f745893b6e16055b81c17f2c1f493a00b083b;hp=530dab797575876b0bde8eea182caee43753e231;hb=98c182823c31529f70a8931dcdaf4c38db395d87;hpb=67b274a3d9f84b9c07d55b056b7b2893dccf6619 diff --git a/README b/README index 530dab7..e23f745 100644 --- a/README +++ b/README @@ -152,7 +152,7 @@ principal and the subprocess environment variable KRB5CCNAME will be set to point to that file. Example: - GssapiDelegCcacheDir = /var/run/httpd/clientcaches + GssapiDelegCcacheDir /var/run/httpd/clientcaches A user foo@EXAMPLE.COM delegating its credentials would cause the server to @@ -171,4 +171,31 @@ ticket by the application. Example: GssapiUseS4U2Proxy On - GssapiDelegCcacheDir = /var/run/httpd/clientcaches + GssapiCredStore keytab:/etc/httpd.keytab + GssapiCredStore client_keytab:/etc/httpd.keytab + GssapiCredStore ccache:FILE:/var/run/httpd/krb5ccache + GssapiDelegCcacheDir /var/run/httpd/clientcaches + +NOTE: The client keytab is necessary to allow GSSAPI to initate via keytab +on its own. If not present an external mechanism needs to kinit with the +keytab and store a ccache in the configured ccache file. + + +### GssapiBasicAuth +Allows the use of Basic Auth in conjunction with Negotiate. +If the browser fails to use Negotiate is will instead fallback to Basic and +the username and password will be used to try to acquire credentials in the +module via GSSAPI. If credentials are acquire successfully then they are +validated agaist the server's keytab. + +Enable with: GssapiBasicAuth On +Default: GssapiBasicAuth Off + +Example: + + AuthType GSSAPI + AuthName "Login" + GssapiBasicAuth On + GssapiCredStore keytab:/etc/httpd/http.keytab + Require valid-user +
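Review bot: The new GssapiBasicAuth section in the second hunk (@@ -171,4 +171,31 @@) does not say that in the Basic fallback the username and password are sent to the server in the Authorization header with only base64 encoding. The section should state that the directive is intended for TLS-protected locations, and the example should either show that or refer to it. The same hunk has typos in the added lines that should be fixed before merge: "initate" (initiate), "Negotiate is will instead fallback" (it will instead fall back), "are acquire successfully" (are acquired), "agaist" (against). The keytab path also differs between the two added examples: `keytab:/etc/httpd.keytab` in the S4U2Proxy example and `keytab:/etc/httpd/http.keytab` in the Basic Auth example. Using one path in both would keep readers from copying a mismatched pair.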