apache: use HTTP for mod_auth_kerb service principal
authorClinton Ebadi <clinton@unknownlamer.org>
Mon, 12 Nov 2018 01:52:06 +0000 (20:52 -0500)
committerClinton Ebadi <clinton@unknownlamer.org>
Mon, 12 Nov 2018 01:52:06 +0000 (20:52 -0500)
HTTP/host is the hardcoded service name that the negotitate auth
method requires, which is why it has never worked here. Switch to the
expected service name going forward.

src/plugins/apache.sml

index fa5cc3a..6a9fa39 100644 (file)
@@ -929,7 +929,7 @@ val () = Env.action_one "authType"
                  write "\n";
                  case ty of
                      "kerberos" => 
                  write "\n";
                  case ty of
                      "kerberos" => 
-                     write "\tKrbServiceName apache2\n\tKrb5Keytab /etc/keytabs/service/apache\n\tKrbMethodNegotiate on\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC on\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
+                     write "\tKrbServiceName HTTP\n\tKrb5Keytab /etc/keytabs/service/apache\n\tKrbMethodNegotiate on\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC on\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
                    | _ => ())
             else
                 print "WARNING: Skipped Kerberos authType because this isn't an SSL vhost.\n")
                    | _ => ())
             else
                 print "WARNING: Skipped Kerberos authType because this isn't an SSL vhost.\n")