If you have not already done so, you first need to follow the instructions on how to .
Installation Instructions
To use the Apache module, install it and the MIT Kerberos client package:
To install the Apache module, issue the following command (or create the appropriate symlinks manually):
Add a dummy Kerberos key to make the module happy:
Export the location of the keytab file into Apache's config:
Assign the correct permissions to the keytab file:
Ensure that the certificates referenced in /etc/radsec.conf can be read by the Apache user:
Verify that the KeepAlive option is enabled in the Apache configuration file /etc/apache2/apache2.conf:
Restart Apache:
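The KeepAlive and certificate-readability steps above can be checked with a script. The following is an added example, not part of the original instructions: it reports whether KeepAlive is On in the Apache configuration file and lists any certificate or key named in /etc/radsec.conf that the Apache user cannot read. The libradsec key names cacertfile, certfile and certkeyfile, the www-data user name and all function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original instructions.
# Assumptions: radsec.conf uses the libradsec keys cacertfile, certfile and
# certkeyfile; the Apache user is www-data; function names are hypothetical.

# Succeeds only if the last KeepAlive directive in the given file is "On".
keepalive_enabled() {
    local state
    state=$(awk 'tolower($1) == "keepalive" { v = tolower($2) } END { print v }' "$1")
    [ "$state" = "on" ]
}

# Prints the certificate and key paths named in a radsec.conf, one per line.
radsec_cert_paths() {
    sed -n -E 's/^[[:space:]]*(cacertfile|certfile|certkeyfile)[[:space:]]*=[[:space:]]*"([^"]*)".*/\2/p' "$1"
}

# Prints each of those paths that the given user cannot read.
# Without a user argument the test runs as the current user.
unreadable_certs() {
    local conf="$1" user="${2:-}" path
    radsec_cert_paths "$conf" | while IFS= read -r path; do
        if [ -n "$user" ]; then
            sudo -u "$user" test -r "$path" </dev/null || printf '%s\n' "$path"
        else
            [ -r "$path" ] || printf '%s\n' "$path"
        fi
    done
}

# Runs both checks; returns non-zero if either fails.
preflight() {
    local apache_conf="${1:-/etc/apache2/apache2.conf}"
    local radsec_conf="${2:-/etc/radsec.conf}" apache_user="${3:-www-data}"
    local rc=0 bad
    keepalive_enabled "$apache_conf" || { echo "KeepAlive is not On in $apache_conf"; rc=1; }
    bad=$(unreadable_certs "$radsec_conf" "$apache_user")
    [ -z "$bad" ] || { printf 'Not readable by %s:\n%s\n' "$apache_user" "$bad"; rc=1; }
    return "$rc"
}

# Run against the live system only when asked to: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Testing readability as another user goes through sudo, so run the script from an account that is allowed to use it.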
Configuration Instructions
Shibboleth2 Apache module incompatibility
Please read Section 6.2 in on module incompatibilities.
Protecting a location with Moonshot
To protect a particular location on your Apache server, you must configure it with an AuthType of "Negotiate".
Example
To allow anyone with a valid Moonshot account to access /wherever, you would do the following:
Populating REMOTE_USER
Web services often rely on the REMOTE_USER Apache environment variable for user information, such as a local user account or a pseudonymous identifier.
To populate REMOTE_USER, update the reply from the RP Proxy with the User-Name RADIUS attribute in the RP Proxy's post-auth section:
HTTPS Internet Explorer compatibility
For updated best practice with Internet Explorer connections, you should also read Microsoft's HTTPS and Keep-Alive Connections article.