#

# OneClickKick Kerberos Support Example

#
# THIS FILE REQUIRES MODIFICATION
#
# Rewrite rules to make sure FQDN is used
# Make sure to CHANGE these to use YOUR hostname
#
RewriteCond %{HTTP_HOST} !^www.comunicaciones-practicas.es$ [NC]
RewriteRule ^/(.*) http://www.comunicaciones-practicas.es/$1 [L,R=301]
#
# Alias the web directory and set options
#
Alias /ock /var/lib/ock/htdocs
<Directory "/var/lib/ock/htdocs">
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
#
# Alias the tftpboot directory and set options
#
Alias /ockimg /var/lib/ock/tftpboot/img
<Directory "/var/lib/ock/tftpboot/img">
Options -Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
#
# Do not require auth for these URLs
#
<Location ~ /ock/(enroll.php|ks.php|noauth.php|.htaccess)>
Satisfy Any
</Location>
#
# Require Kerberos auth for the kerbauth folder used for login,
# and the IPA wrapper script ipacmd.php
#
<Location ~ /ock/(kerbauth/|ipacmd.php)>
AuthType Kerberos
AuthName "OneClickKick Kerberos Login"
KrbServiceName Any
KrbMethodNegotiate On
# Required for ockenroll to work
KrbMethodK5Passwd On
KrbAuthRealms EXAMPLE.COM
KrbSaveCredentials on
# You are required to aquire this file from your Kerberos KDC
# If you are using IPA/FreeIPA, use this command to retreive your keytab file:
# ipa-getkeytab -s ipaserver -k /etc/httpd/HTTP.keytab -p HTTP/www.comunicacio
nes-practicas.es ; chgrp apache /etc/httpd/HTTP.keytab ; chmod 750 /etc/httpd/HT
TP.keytab
Krb5KeyTab /etc/httpd/HTTP.keytab
require valid-user
</Location>
<Location /ock/kerbauth>
ErrorDocument 401 /ock/index.php?kerbauth=failed
</Location>