X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_gssapi.git;a=blobdiff_plain;f=README;h=e8d3031074c6c584bfa79e49ffa644662debea85;hp=6c374124ce25fc96203f42a7c9b7d2dbcc33e307;hb=0fb1b69e4a03b282b9df2255c153e5d3860e24c0;hpb=e6d9a30c889fe042cf3ad5073519f348dbe924f0 diff --git a/README b/README index 6c37412..e8d3031 100644 --- a/README +++ b/README @@ -89,12 +89,17 @@ authentication (like NTLMSSP) it is necessary to bind to the authentication to the connection in order to keep the state between round-trips. With this option enable incomplete context are store in the connection and retrieved on the next request for continuation. -When using this option you may also ant to set the Persistent-Auth header for -those clients that make use of it. Example: GssapiConnectionBound On - Header set Persistent-Auth "true" + + +### GssapiSignalPersistentAuth +For clients that make use of Persistent-Auth header, send the header according +to GssapiConnectionBound setting. + +Example: + GssapiSignalPersistentAuth On ### GssapiUseSessions @@ -152,7 +157,7 @@ principal and the subprocess environment variable KRB5CCNAME will be set to point to that file. Example: - GssapiDelegCcacheDir = /var/run/httpd/clientcaches + GssapiDelegCcacheDir /var/run/httpd/clientcaches A user foo@EXAMPLE.COM delegating its credentials would cause the server to @@ -171,7 +176,14 @@ ticket by the application. Example: GssapiUseS4U2Proxy On - GssapiDelegCcacheDir = /var/run/httpd/clientcaches + GssapiCredStore keytab:/etc/httpd.keytab + GssapiCredStore client_keytab:/etc/httpd.keytab + GssapiCredStore ccache:FILE:/var/run/httpd/krb5ccache + GssapiDelegCcacheDir /var/run/httpd/clientcaches + +NOTE: The client keytab is necessary to allow GSSAPI to initate via keytab +on its own. If not present an external mechanism needs to kinit with the +keytab and store a ccache in the configured ccache file. ### GssapiBasicAuth
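Review bot: In the @@ -89,12 +89,17 hunk, the new GssapiSignalPersistentAuth paragraph ("send the header according to GssapiConnectionBound setting") does not say which Persistent-Auth value is sent when GssapiConnectionBound is On and which when it is Off, nor what the directive's default is. The same hunk drops the `Header set Persistent-Auth "true"` line from the GssapiConnectionBound example, so a reader who already has that line in their configuration cannot tell whether to remove it once the new directive is enabled. Suggest stating the On/Off mapping and the default explicitly, and writing "the Persistent-Auth header" in the first sentence.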
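Review bot: In the @@ -171,7 +176,14 hunk, the added NOTE misspells "initate" (should be "initiate"), and "If not present" leaves its subject unclear; suggest "If no client keytab is configured, an external mechanism needs to kinit with the keytab ...". The example also points both `keytab:` and `client_keytab:` at /etc/httpd.keytab and introduces ccache:FILE:/var/run/httpd/krb5ccache without saying which account must be able to read or write these files. Since the keytab holds the service's long-term keys, a sentence on the expected ownership and permissions of the keytab and the ccache file would be worth adding next to the example.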