keytab to prevent KDC spoofing atacks. It should be used only for testing
purposes. You have been warned.
-KrbServiceName service (set to HTTP by default)
- For specification the service name that will be used by Apache for
- authentication. Corresponding key of this name must be stored in the keytab.
+KrbServiceName server_principal
+ Specifies a principal name to use by Apache when authenticating the clients.
+ By default value of the form
+ HTTP/<FQDN_of_apache>@<realm>
+ is used. The FQDN part can contain any hostname and can be used to work
+ around problems with misconfigured DNS. A corresponding key of this name
+ must be stored in the keytab.
+ If this option is set to 'Any', then any prinicpal from the keytab which
+ matches the client's request may be used.
Krb4Srvtab /path/to/srvtab
This option takes one argument, specifying the path to the Kerberos V4
authentication scheme in Apache (Apache 2.1 seems to provide better support
for multiple various authentication mechanisms).
+KrbLocalUserMapping on | off (set to off by default)
+ When enabled, modul will try to translate authenticated username to local
+ name, which can be used by applications requiring an environment-specific
+ name (e.g. user account name). Simply, the realm name will be stripped out.
+
Note on server principals
-------------------------
Now you have to create an service key for the module, which is needed to
credential cache that will be available for the request handler. The ticket
file will be removed after request is handled.
-$Id: README,v 1.8 2004/01/13
-14:31:53 kouril Exp $
+$Id$