Every <Location> that enables kerberos auth has to include the
keytab/service declarations. Since we're verifying the KDC, allow
gssapi negotiate.
write "\n";
case ty of
"kerberos" =>
write "\n";
case ty of
"kerberos" =>
- write "\tKrbMethodNegotiate off\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC off\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
+ write "\tKrbServiceName apache2\n\tKrb5Keytab /etc/keytabs/service/apache\n\tKrbMethodNegotiate on\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC on\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
| _ => ())
else
print "WARNING: Skipped Kerberos authType because this isn't an SSL vhost.\n")
| _ => ())
else
print "WARNING: Skipped Kerberos authType because this isn't an SSL vhost.\n")