WSGIDaemonProcess idp maximum-requests=2 user=ipsilon group=ipsilon
WSGIProcessGroup idp
-<Location /idp/login/krb/negotiate>
- AuthType Kerberos
- AuthName "Kerberos Login"
- KrbMethodNegotiate on
- KrbMethodK5Passwd off
- KrbServiceName HTTP
- KrbAuthRealms IPA.DEV.LAN
- Krb5KeyTab /etc/httpd/conf/http.keytab
- KrbSaveCredentials off
- KrbConstrainedDelegation off
- KrbLocalUserMapping On
+<Location /idp/login/gssapi/negotiate>
+ AuthType GSSAPI
+ AuthName "GSSAPI Single Sign On Login"
+ GssapiCredStore /etc/httpd/conf/http.keytab
+ GssapiSSLonly On
+ GssapiLocalName on
Require valid-user
- ErrorDocument 401 /idp/login/krb/unauthorized
+ ErrorDocument 401 /idp/login/gssapi/unauthorized
+ ErrorDocument 500 /idp/login/gssapi/failed
</Location>
<Directory /usr/libexec>