Bug
Resolution: Done
6.1.0
Description of problem:
Currently, with the --foreman-ipa-authentication=true option to katello-installer to configure external authentication, mod_auth_kerb gets configured. Once mod_auth_gssapi becomes available in the base OS, the installer should configure that instead.
Version-Release number of selected component (if applicable):
Satellite 6.0.x.
How reproducible:
Deterministic.
Steps to Reproduce:
1. Configure external authentication to get Kerberos SSO.
2. Note that it does not need to be against IdM/IPA if RFE in bug 1198103 gets addressed.
Actual results:
mod_auth_kerb is installed and configured.
Expected results:
mod_auth_gssapi is installed and configured.
Additional info:
The mod_auth_gssapi module uses GSSAPI calls instead of low-level Kerberos calls, making it possible, for example, to use GSS-Proxy for complete privilege separation where the Apache HTTP server does not have access to the keytab, increasing security.
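
The difference described under "Additional info", sketched as configuration. This is an added example, not the installer's actual output: the `/users/extlogin` location, the realm `EXAMPLE.COM`, the keytab paths, the uid and the gssproxy drop-in file names are assumptions chosen for illustration.

```apache
# --- BEFORE: mod_auth_kerb (alternative 1, shown for comparison) ---
# httpd itself opens the keytab, so the apache user must be able to read
# the service key. Anything that compromises an httpd worker can copy it.
<Location /users/extlogin>
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate On
  KrbMethodK5Passwd Off
  KrbAuthRealms EXAMPLE.COM
  # Assumed path; must be readable by the apache user
  Krb5KeyTab /etc/httpd/conf/http.keytab
  Require valid-user
</Location>

# --- AFTER: mod_auth_gssapi behind GSS-Proxy (alternative 2) ---
# No keytab directive here: httpd hands the GSSAPI exchange to the
# gssproxy daemon and never touches the key material.
<Location /users/extlogin>
  AuthType GSSAPI
  AuthName "Kerberos Login"
  Require valid-user
</Location>

# Supporting pieces outside httpd.conf, shown as comments:
#
# /etc/gssproxy/80-httpd.conf   (assumed file name)
#   [service/HTTP]
#     mechs = krb5
#     cred_store = keytab:/etc/gssproxy/http.keytab
#     cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U
#     euid = 48        # uid of the apache user (assumed)
#
# Keytab owned by root and mode 0600, so the apache user cannot read it:
#   chown root:root /etc/gssproxy/http.keytab
#   chmod 0600 /etc/gssproxy/http.keytab
#
# /etc/systemd/system/httpd.service.d/gssproxy.conf   (assumed file name)
#   [Service]
#   Environment=GSS_USE_PROXY=yes
```

A quick check after the switch is to confirm that the apache user gets "Permission denied" when reading the keytab while Kerberos SSO logins still succeed.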