#
# /etc/httpd/conf.d/auth_kerb.conf (0644): server httpd configuration
#

#
# The mod_auth_kerb module implements Kerberos authentication over
# HTTP, following the "Negotiate" protocol.
# 

LoadModule auth_kerb_module modules/mod_auth_kerb.so

#
# Sample configuration: Kerberos authentication must only be
# used over SSL to prevent replay attacks.  The keytab file
# configured must be readable only by the "apache" user, and
# must contain service keys for "HTTP/www.example.com", where
# "www.example.com" is the FQDN of this server.
#

<Location /private>
  SSLRequireSSL
  AuthName "Kerberos Login"
  AuthType Kerberos
  KrbMethodNegotiate on
  KrbMethodK5Passwd off
  KrbAuthRealms EXAMPLE.COM
  KrbVerifyKDC on
  KrbServiceName HTTP
  # Keytab for httpd (readable only by root/apache)
  Krb5KeyTab /etc/httpd/httpd.keytab
  #Require group wwwusers
  #AuthGroupFile /etc/httpd/conf/wwwusers
  #ErrorDocument 401 /denied.html
  require valid-user
</Location>