Index: trunk/packages/sipb-xen-www/debian/changelog
===================================================================
--- trunk/packages/sipb-xen-www/debian/changelog	(revision 1229)
+++ trunk/packages/sipb-xen-www/debian/changelog	(revision 1235)
@@ -1,2 +1,8 @@
+sipb-xen-www (3.17) unstable; urgency=low
+
+  * Add Kerberos-authenticated web interface on port 442
+
+ -- Quentin Smith <quentin@mit.edu>  Fri, 24 Oct 14:22:21 -0400
+
 sipb-xen-www (3.16) unstable; urgency=low
 
Index: trunk/packages/sipb-xen-www/debian/control
===================================================================
--- trunk/packages/sipb-xen-www/debian/control	(revision 1229)
+++ trunk/packages/sipb-xen-www/debian/control	(revision 1235)
@@ -9,4 +9,4 @@
 Architecture: all
 Depends: ${misc:Depends}, libapache2-mod-fcgid, python-flup, python-cheetah, python-simplejson, sipb-xen-database-common, sipb-xen-vnc-client, kstart, debathena-afs-config, sipb-xen-base,
- libapache2-svn, postfix, subversion, zephyr-clients
+ libapache2-svn, libapache2-mod-auth-kerb, postfix, subversion, zephyr-clients
 Description: Install the sipb-xen-dev website
Index: trunk/packages/sipb-xen-www/files/etc/apache2/sites-available/ssl.mako
===================================================================
--- trunk/packages/sipb-xen-www/files/etc/apache2/sites-available/ssl.mako	(revision 1229)
+++ trunk/packages/sipb-xen-www/files/etc/apache2/sites-available/ssl.mako	(revision 1235)
@@ -5,10 +5,8 @@
 tracuri  = cfg.trac.uri
 %>
+Listen 442
 Listen 446
 
-<VirtualHost *:443>
-	ServerAdmin ${errmail}
-	ServerName ${hostname}:443
-	
+<%def name="invirt_webinterface()">
 	DocumentRoot /var/www/sipb-xen-www
 	<Directory /var/www/sipb-xen-www>
@@ -19,8 +17,5 @@
 	</Directory>
 	<Location />
-		Require valid-user
-		AuthType SSLCert
-		AuthSSLCertVar SSL_CLIENT_S_DN_Email
-		AuthSSLCertStripSuffix "@MIT.EDU"
+${caller.body()}
 	</Location>
 
@@ -57,5 +52,4 @@
 	
 	SSLCACertificateFile ssl/mitCAclient.pem
-	SSLVerifyClient require
 	SSLVerifyDepth 10
 
@@ -65,4 +59,30 @@
 
 	Redirect /wiki ${tracuri}	
+</%def>
+<VirtualHost *:443>
+	ServerAdmin ${errmail}
+	ServerName ${hostname}:443
+	<%call expr="invirt_webinterface()">
+		Require valid-user
+		AuthType SSLCert
+		AuthSSLCertVar SSL_CLIENT_S_DN_Email
+		AuthSSLCertStripSuffix "@MIT.EDU"
+	</%call>
+	SSLVerifyClient require
+</VirtualHost>
+<VirtualHost *:442>
+	ServerAdmin ${errmail}
+	ServerName ${hostname}:442
+	<%call expr="invirt_webinterface()">
+		Require valid-user
+		AuthType Kerberos
+		KrbMethodNegotiate on
+		KrbMethodK5Passwd off
+		KrbAuthoritative off
+		KrbAuthRealms ${cfg.authn[0].realm}
+		Krb5Keytab /etc/invirt/keytab
+		KrbSaveCredentials off
+	</%call>
+	SSLVerifyClient optional
 </VirtualHost>
 
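Review bot: The two vhosts probably hand the application different user names: the :443 block strips "@MIT.EDU" via `AuthSSLCertStripSuffix`, while mod_auth_kerb by default sets REMOTE_USER to the full principal (user@REALM) and nothing in the :442 `<%call>` body strips the realm. If the web interface (not visible in this diff) authorizes on the bare username, add `KrbLocalUserMapping on` where the installed mod_auth_kerb supports it, or normalize the name in the application, so both ports resolve to the same identity. `KrbAuthoritative off` lets a failed Kerberos check fall through to any other auth module loaded in the server; unless that fallback is intended, `KrbAuthoritative on` is the tighter setting. `Krb5Keytab /etc/invirt/keytab` has to be readable by the Apache user, so it is worth confirming that file holds only the HTTP service principal and not other host or service keys. Client certificates play no part in authentication on :442, so `SSLVerifyClient none` would avoid the certificate prompt that `optional` still triggers.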
