SyferLock Help Center

mod_auth_pubtkt Setup (Apache 2.2)

Apache Prerequisite

The minimum version of the official packages that is supported is Mod_Auth_PubTkt version 0.3 or greater. This documentation already assumes you have installed and loaded the mod_auth_pubtkt module according to your distribution. If you still need to complete the installation or module loading, follow the link below to determine what is the proper method of installation for you OS / distribution.

This configuration assumes you are using Apache 2.2. All of the configuration in this chapter is based on Apache 2.2 configuration format. While this documentation only goes over Apache 2.2, other versions of Apache HTTP server are supported. See the link below for more information.

For more in-depth information about Mod_Auth_PubTkt you can browse to this link:



GridGuard does not support the Mod_Auth_PubTkt's TKTAuthPassthruBasicAuth directive, TKTAuthPassthruBasicKey directives, or TKTAuthToken directive.

Mod_auth_pubtkt tokens are not supported.

Define the Public Signing Key

The mod_auth_pubtkt modules need to know the file location for the RSA key, previously converted to PEM format, to use to verify the signer.

This key can be used for multiple sites, directories, or locations depending on where you put it in the scope.  

[server config, <virtual host>, <directory>, <location>, or .htaccess file]

TKTAuthPublicKey /path/to/my/PubAuth_PublicRSA.key 

Securing the Site

The following directives are the minimum directives that are needed to get an implementation of mod_auth_pubtkt working. The directives can be put in the <directory>, <location>, or .htaccess scope.

AuthType mod_auth_pubtkt
TKTAuthLoginURL https://{GridGuard Hostname/web/pubtkt/?realm={Realm Name[URL Escaped]}
TKTAuthTimeoutURL https://{GridGuard Hostname/web/pubtkt/?realm={Realm Name[URL Escaped]}&p=session-expired
TKTAuthUnauthURL https://{GridGuard Hostname}/web/pubtkt/?realm={Realm Name[URL Escaped]}
TKTAuthRequireSSL on
require valid-user

Additional directives are configurable and outside the scope of the GridGuard implementation.  

Additional information can be found at the mod_auth_pubtkt home.  Currently found at the following link:

Apply settings

Once you have the apache configuration complete, make sure apply the configuration by restarting / reloading the daemon/service according to your distribution.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Powered by Zendesk