Example how to configure kerberos authentication: http://www.4js.com/online_documentation/fjs-gas-manual-html/User/HowToKerberosAuth.html

and in French another step by step example: http://www.tuxlanding.net/authentification-kerberos-avec-apache-dans-un-environnement-active-directory-multi-domaine/

Kerberos Authentication tester (tool): http://blog.michelbarneveld.nl/michel/archive/2009/12/05/kerberos-authentication-tester.aspx

Kerberos error codes: http://retrohack.com/kerberos-response-codes/

Things to check when Kerberos authentication fails : http://blogs.msdn.com/b/friis/archive/2009/12/31/things-to-check-when-kerberos-authentication-fails-using-iis-ie.aspx?Redirected=true

Apache and Kerberos authentication: http://pix-mania.dyndns.org/mediawiki/index.php/Apache_-_tutoriels_-_authentification#avec_Internet_Explorer

Apache and mod_auth_kerb: http://wiki.kogite.fr/index.php/Kerberos_et_mod_auth_kerb_pour_SSO_sur_Active_Directory

Sniff: apache and kerberos authentication: http://irp.nain-t.net/doku.php/320kerberos:50_apache

Apache and mod auth kerb syntax : http://modauthkerb.sourceforge.net/configure.html

=>best settings for Apache with mod_auth_kerb:

AuthType           Kerberos 

AuthName           “Kerberos Active Directory Login” 

KrbMethodNegotiate on 

KrbMethodK5Passwd  on 

KrbAuthRealms      MYDOMAIN.NET MYDOM.COM

KrbServiceName     HTTP/serverweb.mydomain.net@MYDOMAIN.NET

Krb5Keytab         /etc/krb/krb5.keytab 

KrbVerifyKDC       on 

KrbAuthoritative   on 

require            valid-user 

You need KrbMethodNegotiate on. Without that the http client is essentially doing auth-basic to apache and apache is testing the

password against the kdc. Also, for security’s sake you should really set KrbVerifyKDC on.

L’option KrbMethodK5Passwd off fait que si l’utilisateur ne dispose pas déjà de son TGT, les portes du service lui sont irrémédiablement fermées.