School of Informatics and Computing

August 2009 - Kerberos/.htaccess realm change

Currently, you may have require user lines in your .htaccess file that look like the following:

require user robh	** used to work on solaris server
require user robh@IU.EDU	** used to work on linux server
require user robh robh@IU.EDU	** used to work on both servers

With the change to this new ADS.IU.EDU kerberos realm, you will have to start using usernames like robh@ADS.IU.EDU. However, during this transition period we recommend that you use lines like the following:

require user robh robh@IU.EDU robh@ADS.IU.EDU

** Recommended

These will work immediately and also work when the kerberos server migration is complete.

If you are using kerberos authentication but not specifying individual users then no change is required. For example, granting access to any authenticated user as follows will continue to work with no changes:

require valid-user

Note that you may also have a line in your .htaccess file like this:

KrbAuthRealm IU.EDU

Our recommendation is that you remove this line as it is not required. If you change IU.EDU to ADS.IU.EDU then it will break things on the current solaris web server so we do not recommend that change. However, either leaving it as it is or removing it altogether should work with all servers, even after the migration to ADS.IU.EDU is complete.

The old IU.EDU realm is being removed from service on September 17th, 2009, but we hope to have the migration to the new realm completed on the CS server by August 31st, 2009.

For more information about using kerberos with .htaccess files on the CS servers, please see the associated FAQ entry.

[Return to the System Notices Directory]