From 2462aefc2f65464b9f2812d7c01b81c03d4ab9ff Mon Sep 17 00:00:00 2001
From: Clinton Ebadi
Date: Thu, 1 May 2014 23:47:31 -0400
Subject: [PATCH] mod_auth_kerb: Enabled KDC Verification and Negotiate

Every that enables kerberos auth has to include the keytab/service declarations. Since we're verifying the KDC, allow gssapi negotiate.
---
 src/plugins/apache.sml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml
index d4f7fc8..29fdf05 100644
--- a/src/plugins/apache.sml
+++ b/src/plugins/apache.sml
@@ -874,7 +874,7 @@ val () = Env.action_one "authType"
 write "\n";
 case ty of
 "kerberos" =>
- write "\tKrbMethodNegotiate off\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC off\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
+ write "\tKrbServiceName apache2\n\tKrb5Keytab /etc/keytabs/service/apache\n\tKrbMethodNegotiate on\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC on\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
 | _ => ())
 else
 print "WARNING: Skipped Kerberos authType because this isn't an SSL vhost.\n")
-- 
2.20.1
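Review bot: `KrbMethodNegotiate on` is emitted together with `KrbServiceName apache2` in the new `write` string, but SPNEGO clients normally request a ticket for the `HTTP/<host>` principal. Unless `/etc/keytabs/service/apache` also holds an `HTTP/` key, Negotiate will probably never succeed and every client will fall back to the `KrbMethodK5Passwd` prompt; this should be confirmed against the deployed keytab before relying on it. `KrbVerifyKDC on` also makes every vhost with this authType depend on that keytab being present and readable by the Apache user on each web node. A comment above the branch would record the precondition, e.g. `(* requires /etc/keytabs/service/apache with the KrbServiceName key; without it password logins presumably fail KDC verification *)`. The enclosing `Env.action_one "authType"` handler starts and ends outside the hunk.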