Installation and Maintenance

Simple configuration with Kerberos password (recommended only for testing)

The basic steps needed for teh Kerberos password method are:
 

  • Install Kerberos Client
  • Install and activate Apache Kerberos module
  • Configure the Kerberos client (/etc/krb5.conf)
  • Configure one directory of your site to be protected by Kerberos authentication (site configuration file or .htaccess)

As soon as the results of these configurations work, /etc/krb5.conf and apache are basically configured correctly. first testing can be done using the kinit command, next step is accessing the directory via browser (User is prompted for name and password; apache then performs the Kerberos verificaton. Successful authentication grants access to the directory, authentication failure results in a http 401 error. Configuraton problems are often reported as http 500 error.
 
If you need to troubleshoot problems deeply, set Apache's loglevel to "debug" to give you more information (like error codes) in the error logfiles.
 

Ususally Kerberos password is not too complicated to configure, but remember: Password transmission to the Kerberos service is not encrypted this way, so only use this in an isolated test environment or protect communication by additional means!



No comment has been posted yet.