If you have not already done so, you first need to follow the instructions on how to .
Installation Instructions
To use the Apache module, install it and the MIT Kerberos client package:
bash
To install the Apache module, issue the following command (or create the appropriate symlinks manually):
bash
Add a dummy Kerberos key to make the module happy:
bash
Export the location of the keytab file into Apache's config:
bash
Assign the correct permissions to the keytab file:
bash
Ensure that the certificates referenced in /etc/radsec.conf can be read by the Apache user:
bash
Verify that the KeepAlive option is enabled in the Apache configuration file /etc/apache2/apache2.conf:
bash
Restart Apache:
bash
Configuration Instructions
Shibboleth2 Apache module incompatibility
Please
note that this module is currently not compatible with the Shibboleth2 service provider Apache module. When testing or using the Moonshot module, disable the Shibboleth module and restart the webserver before attempting your test. We are attempting to resolve this problem
read Section 6.2 in on module incompatibilities.
Protecting a location with Moonshot
To protect a particular location on your Apache server, you must configure it with an AuthType of "Negotiate".
Example
To allow anyone with a valid Moonshot account to access /wherever, you would do the following:
true
Populating REMOTE_USER
Web services often rely on the REMOTE_USER Apache environment variable for user information, such as a local user account or a pseudonymous identifier.
To populate REMOTE_USER, update the reply from the RP Proxy with the User-Name RADIUS attribute in the RP Proxy's post-auth section:
HTTPS Internet Explorer compatibility
For updated best practice with Internet Explorer connections, you should also read Microsoft's HTTPS and Keep-Alive Connections article.