Hi Rob,


>
> This is the configuration that I am using:
> <Location /git>
>     LimitXMLRequestBody 0
>     LimitRequestBody 0
>     AuthType GSSAPI
>     AuthName "Linux Account"
>     GssapiConnectionBound On
>     GssapiBasicAuth On
>     GssapiNegotiateOnce On
>     GssapiLocalName on
>     AuthzSendForbiddenOnFailure On
>     GssapiCredStore keytab:/etc/httpd/conf.d/httpd.keytab
>     GssapiSignalPersistentAuth On
>     GssapiSSLonly On
>     Require expr %{REMOTE_USER} =~ /@eng.example.com
> <http://eng.example.com/>$/
> </Location>

The keytab is readable by the apache user?

Thanks, turned out I had overlooked the most basic check.  A bit embarrassed by this..

Was owned by root and when I changed it to apache, all was fine.  

This mean apache attempt to read the file after it has change from root to service user I guess

Regards,
William