Kerberos Authentication2015/11/28 |
Enable Kerberos Authentication to limit access on specific web pages. Users can authenticate via Windows Active Directory.
This example based on the environment below.
|
|||||||||
[1] | For example, set Kerberos Authentication under the directory [/srv/www/htdocs/auth-kerberos] and also set to be required SSL connection. |
www:~ #
www:~ # zypper -n install apache2-mod_auth_kerb a2enmod auth_kerb
www:~ #
vi /etc/krb5.conf # line 2: uncomment and change to Realm name default_realm = FD3S.SRV.WORLD
# add follows under [realms] section [realms] FD3S.SRV.WORLD = { kdc = fd3s.srv.world admin_server = fd3s.srv.world } # create keytab HTTP/[AD's hostname or IP address]@[Realm name] www:~ # echo "HTTP/fd3s.srv.world@FD3S.SRV.WORLD" > /etc/apache2/krb5.keytab
www:~ #
vi /etc/apache2/conf.d/auth_kerberos.conf # create new <Directory /srv/www/htdocs/auth-kerberos> SSLRequireSSL AuthType Kerberos AuthName "Kerberos Authntication" KrbAuthRealms FD3S.SRV.WORLD Krb5Keytab /etc/apache2/krb5.keytab KrbMethodNegotiate Off KrbSaveCredentials Off KrbVerifyKDC Off Require valid-user </Directory>
www:~ #
systemctl restart apache2
# create a test page <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Test Page for Kerberos Auth </div> </body> </html> |
[2] | Access to the test page from a client computer with a web browser. Then authentication is required like follows as a setting, answer with a user which is added in Active Directory. |
[3] | Just accessed. |
Sponsored Link |
|