mod_auth_kerb: Enabled KDC Verification and Negotiate
author Clinton Ebadi <clinton@unknownlamer.org>
Fri, 2 May 2014 03:47:31 +0000 (23:47 -0400)
committer Clinton Ebadi <clinton@unknownlamer.org>
Fri, 2 May 2014 03:47:31 +0000 (23:47 -0400)
Every <Location> that enables kerberos auth has to include the
keytab/service declarations. Since we're verifying the KDC, allow
gssapi negotiate.

src/plugins/apache.sml

index d4f7fc8..29fdf05 100644 (file)
@@ -874,7 +874,7 @@ val () = Env.action_one "authType"
                  write "\n";
                  case ty of
                      "kerberos" => 
-                     write "\tKrbMethodNegotiate off\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC off\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
+                     write "\tKrbServiceName apache2\n\tKrb5Keytab /etc/keytabs/service/apache\n\tKrbMethodNegotiate on\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC on\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
                    | _ => ())
             else
                 print "WARNING: Skipped Kerberos authType because this isn't an SSL vhost.\n")
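Review bot: the new `write` string in the `"kerberos"` case hard-codes `KrbServiceName apache2` and `Krb5Keytab /etc/keytabs/service/apache` (alongside the already hard-coded `KrbAuthRealms HCOOP.NET`), and nothing here checks or documents that the keytab exists and is readable by the Apache user. With `KrbVerifyKDC on` and `KrbMethodNegotiate on`, both methods depend on that keytab, so a missing or unreadable file makes authentication fail in every generated block. Suggest lifting the service name, keytab path and realm into named configuration values, and adding a comment by this case stating the keytab requirement (owner, mode, and that it must hold the key for the `apache2` service principal). It is also worth confirming that Negotiate clients, which typically request a ticket for the `HTTP` service principal, are accepted with `KrbServiceName apache2`. Finally, `KrbSaveCredentials on` is carried over unchanged while the auth method changes, so a short note on whether it is still wanted with Negotiate enabled would help.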