From 9f051c02412b41d86c1cdb09efd4c7c1e607a992 Mon Sep 17 00:00:00 2001
From: Aurelien Rebourg <aurelien.rebourg@gmail.com>
Date: Tue, 23 May 2023 23:40:15 +0200
Subject: [PATCH] fix krb

---
 roles/apache/tasks/webserver.yml              | 2 ++
 roles/apache/templates/wordpress-site.conf.j2 | 9 ++-------
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/roles/apache/tasks/webserver.yml b/roles/apache/tasks/webserver.yml
index b10849e..df0f3b1 100644
--- a/roles/apache/tasks/webserver.yml
+++ b/roles/apache/tasks/webserver.yml
@@ -8,6 +8,8 @@
       - apache2
       - libapache2-mod-security2
       - libapache2-mod-php
+      - libapache2-mod-auth-gssapi
+      - krb5-user
 
 
 - name: Check Wordpress default site status
diff --git a/roles/apache/templates/wordpress-site.conf.j2 b/roles/apache/templates/wordpress-site.conf.j2
index b13cf47..d6f38c4 100644
--- a/roles/apache/templates/wordpress-site.conf.j2
+++ b/roles/apache/templates/wordpress-site.conf.j2
@@ -41,14 +41,9 @@
 			Require ip 192.168.2.0/24
 		</RequireAny>
 		Options -Indexes
-		LoadModule auth_kerb_module /usr/lib/apache2/modules/mod_auth_kerb.so
-		AuthType Kerberos
+		AuthType GSSAPI
 		AuthName "KERBEROS AUTHENTICATION"
-		KrbAuthRealms EPITAF.LOCAL
-		Krb5Keytab /etc/krb5.keytab
-		KrbMethodNegotiate Off
-		KrbSaveCredentials Off
-		KrbVerifyKDC Off
+		GSSAPICredStore keytab:/etc/krb5.keytab
 		Require valid-user
 		AllowOverride All
 	</Directory>