mod_spnego enables the usage of Kerberos to authenticate users of a website running on the Apache HTTP Server (httpd) on Windows.
The authenticated user is then available in the server variable AUTH_USER.
Just copy the binary mod_spnego.so to the modules directory of the Apache installation and add it to the modules list in httpd.conf:
LoadModule spnego_module modules/mod_spnego.so
To enable it on a site or directory, add the following directives to it:
<Directory "dir">
AuthName "Windows Authentication"
Require valid-user
AuthType SPNEGO
Krb5ServiceName HTTP
Krb5RemoveDomain 1
</Directory>
You might need to install the Visual C++ Runtime Libraries if they're not already there.
The binary is available at http://sourceforge.net/projects/modspnego/files/Release/1.0/mod_spnego.so/download
- Krb5ServiceName: the Kerberos service name(s), separated with a single whitespace
- Krb5RemoveDomain: 0 to NOT strip the domain name from the user's login, any other number to strip it.
- Krb5AuthEachReq: 0 for shared authentication, any other number to authenticate each request
- Krb5AuthorizeFlag: checks if user matches list given in httpd.conf
The last two are untested. Use at your own risk.
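A quick way to review an httpd.conf that uses these directives. This is an added example, not part of mod_spnego; the function names and the sample configuration are made up for illustration. It reports SPNEGO-protected Directory blocks that have no Require directive of their own, that appear without the LoadModule line, or that use one of the two untested directives.

```python
import re

UNTESTED = {"krb5autheachreq", "krb5authorizeflag"}  # per the README's note
# Constructed sample httpd.conf fragment (paths are made up).
SAMPLE = """\
LoadModule spnego_module modules/mod_spnego.so
<Directory "C:/www/ok">
Require valid-user
AuthType SPNEGO
Krb5ServiceName HTTP
Krb5RemoveDomain 1
</Directory>
<Directory "C:/www/risky">
AuthType SPNEGO
Krb5AuthEachReq 1
</Directory>
"""

def check_block(start, d, module_loaded):
    """Findings for one <Directory> block; d maps directive -> (line, value)."""
    if d.get("authtype", (0, ""))[1].upper() != "SPNEGO":
        return []  # block does not use mod_spnego
    out = []
    if not module_loaded:
        out.append((start, "AuthType SPNEGO without a preceding LoadModule spnego_module"))
    if "require" not in d:
        out.append((start, "no Require directive in this block"))
    for name in sorted(UNTESTED.intersection(d)):
        out.append((d[name][0], name + " is marked untested in the README"))
    return out

def audit_spnego_conf(text):
    """Return [(line_no, message)] for an httpd.conf given as a string."""
    findings, module_loaded, block = [], False, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"(?i)LoadModule\s+spnego_module\s", line):
            module_loaded = True
        elif re.match(r"(?i)<Directory\b", line):
            block = (no, {})
        elif re.match(r"(?i)</Directory>", line) and block:
            findings += check_block(block[0], block[1], module_loaded)
            block = None
        elif block:
            parts = line.split(None, 1)
            block[1][parts[0].lower()] = (no, parts[1] if len(parts) > 1 else "")
    return findings
```

Calling audit_spnego_conf(SAMPLE) flags only the second block. A Require directive inherited from an enclosing block or an .htaccess file is not seen by this check.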
The project was created using Visual Studio 2012 and you'll also need Apache 2.2 installed. The project assumes C:\Program Files (x86)\Apache Software Foundation\Apache2.2 as the installation directory.
The version available here has some limitations compared to the original version:
- Windows only
- Apache 2.2 only (it does NOT work on 2.4!)
Unlike the original, it works reliably under high-load conditions, but no warranty whatsoever is made that it is fit for any purpose.
Use it at your own risk!
The original version of this library was written by Frank Balluffi and Markus Moeller. It is available at http://sourceforge.net/projects/modgssapache.