+</%def>
+<VirtualHost *:443>
+ ServerAdmin ${errmail}
+ ServerName ${hostname}:443
+ <%call expr="invirt_webinterface()">
+ Require valid-user
+ AuthType SSLCert
+ AuthSSLCertVar SSL_CLIENT_S_DN_Email
+ AuthSSLCertStripSuffix "@MIT.EDU"
+ </%call>
+ SSLVerifyClient require
+</VirtualHost>
+<VirtualHost *:442>
+ ServerAdmin ${errmail}
+ ServerName ${hostname}:442
+ <%call expr="invirt_webinterface()">
+ Require valid-user
+ AuthType Kerberos
+ KrbMethodNegotiate on
+ KrbMethodK5Passwd off
+ KrbAuthoritative off
+ KrbAuthRealms ${cfg.authn[0].realm}
+ Krb5Keytab /etc/invirt/keytab
+ KrbSaveCredentials off
+ </%call>
+ SSLVerifyClient optional