cd /opt/src tar xjf httpd-2.2.4.tar.bz2 cd httpd-2.2.4 ./configure --prefix=/opt/soft_httpd-2.2.4 make -j6 && make install && cd .. tar xzf mod_auth_kerb-5.3.tar.gz cd mod_auth_kerb-5.3 ./configure --with-krb5=/opt/soft_krb5-1.6.1/ --with-krb4=no --with-apache=/opt/soft_httpd-2.2.4/ make -j6 && make install && cd .. cd /opt/soft_httpd-2.2.4/conf echo 'LoadModule auth_kerb_module modules/mod_auth_kerb.so' >>httpd.conf vi /opt/soft_httpd-2.2.4/conf/httpd.conf >In section <Directory "/opt/soft_httpd-2.2.4/htdocs"> change 'AllowOverride None to 'AllowOverride All' cd ../htdocs mkdir authed echo 'This is in the authed area.'>authed/index.html cat >authed/.htaccess<<EOT AuthType Kerberos AuthName "Kerberos Login realm FLUXCOIL.NET" KrbAuthRealms FLUXCOIL.NET require user tester0@FLUXCOIL.NET Krb5Keytab /opt/soft_httpd-2.2.4/http.keytab EOT --------------- kadmin > addprinc -randkey HTTP/sid64.fluxcoil.net > ktadd -k /opt/soft_httpd-2.2.4/http.keytab HTTP/sid64.fluxcoil.net chmod +r /opt/soft_httpd-2.2.4/http.keytab /opt/soft_httpd-2.2.4/bin/apachectl restart # the serverside is ready now.
klist # get ticket if needed firefox # start kerberized firefox > in URL-line type 'about:config' > in filter-line type 'network.nego' > 'network.negotiate-auth.delegation-uris' and 'network.negotiate-auth.gsslib' should be empty > 'network.negotiate-auth.trusted-uris' should be set to 'fluxcoil.net' or other domains where automatic signon is wanted for Now try to access http://sid64.fluxcoil.net/ and http://sid64.fluxcoil.net/authed . Latter one should automatically sign you on.
start firefox > in URL-line type 'about:config' > in filter-line type 'network.nego' > 'network.negotiate-auth.delegation-uris' and 'network.negotiate-auth.gsslib' should be empty > 'network.negotiate-auth.trusted-uris' should be set to 'fluxcoil.net' or other domains where automatic signon is wanted for > 'network.auth.use-sspi' has to be set to false Now try to access http://sid64.fluxcoil.net/ and http://sid64.fluxcoil.net/authed . Latter one should automatically sign you on.