Single Sign-on for Your Web Applications with Apache and Kerberos
Subject:   Updates to a great article
Date:   2005-03-30 03:21:43
From:   okrams

Just thought I'd share a few observations when I used this great article as a launch pad into the SPNEGO universe. Almost all of them are tidbits of information that I gathered on the web in the process, so kudos to those who posted them.

- the SPNEGO stuff is also available in mod-auth-kerb, which happens to be available as a debian package both for apache and apache2 in unstable.

- The directives for the mod-auth-kerb are significantly different from the above, they are well documented on the modules homepage (

- when using the ktpass-tool, you have to specifiy the domain name in addtion to the username (ie. domainname\username) otherwise it bails with a rather obscure error message.

- I used a short php script (well, line) to read out the environment variable:
<?php echo $_SERVER['REMOTE_USER'] ; ?>
just to convince myself that it works.