* "mit2ms"
  * **note:** Nowadays you might want to consider to use the more modern mod_auth_gssapi instead of mod_auth_kerb.

===== configure apache/mod_auth_kerb =====
<code>
cd /opt/src
tar xjf httpd-2.2.4.tar.bz2
cd httpd-2.2.4
./configure --prefix=/opt/soft_httpd-2.2.4
make -j6 && make install && cd ..

tar xzf mod_auth_kerb-5.3.tar.gz 
cd mod_auth_kerb-5.3
./configure --with-krb5=/opt/soft_krb5-1.6.1/ --with-krb4=no --with-apache=/opt/soft_httpd-2.2.4/
make -j6 && make install && cd ..

cd /opt/soft_httpd-2.2.4/conf
echo 'LoadModule      auth_kerb_module    modules/mod_auth_kerb.so' >>httpd.conf

vi /opt/soft_httpd-2.2.4/conf/httpd.conf
>In section <Directory "/opt/soft_httpd-2.2.4/htdocs"> change 'AllowOverride None to 'AllowOverride All'

cd ../htdocs
mkdir authed
echo 'This is in the authed area.'>authed/index.html

cat >authed/.htaccess<<EOT
AuthType Kerberos
AuthName "Kerberos Login realm FLUXCOIL.NET"
KrbAuthRealms FLUXCOIL.NET
require user tester0@FLUXCOIL.NET
Krb5Keytab /opt/soft_httpd-2.2.4/http.keytab
EOT
---------------

kadmin
> addprinc -randkey HTTP/sid64.fluxcoil.net
> ktadd  -k /opt/soft_httpd-2.2.4/http.keytab HTTP/sid64.fluxcoil.net

chmod +r /opt/soft_httpd-2.2.4/http.keytab
/opt/soft_httpd-2.2.4/bin/apachectl restart

# the serverside is ready now.
</code>

===== use from a linuxworkstation =====
<code>
klist # get ticket if needed
firefox # start kerberized firefox
> in URL-line type 'about:config'
> in filter-line type 'network.nego'
> 'network.negotiate-auth.delegation-uris' and 'network.negotiate-auth.gsslib' should be empty
> 'network.negotiate-auth.trusted-uris' should be set to 'fluxcoil.net' or other domains where automatic signon is wanted for

Now try to access http://sid64.fluxcoil.net/ and http://sid64.fluxcoil.net/authed . Latter one should automatically sign you on.
</code>

===== use from a windows-workplace =====
<code>
start firefox
> in URL-line type 'about:config'
> in filter-line type 'network.nego'
> 'network.negotiate-auth.delegation-uris' and 'network.negotiate-auth.gsslib' should be empty
> 'network.negotiate-auth.trusted-uris' should be set to 'fluxcoil.net' or other domains where automatic signon is wanted for
> 'network.auth.use-sspi' has to be set to false

Now try to access http://sid64.fluxcoil.net/ and http://sid64.fluxcoil.net/authed . Latter one should automatically sign you on.
</code>