SLES 15
Sponsored Link

Apache2 : Kerberos Authentication
2019/01/25
 
Limit accesses on specific web pages and use Windows Active Directory users for authentication with SSL connection.
Domain Server : Windows Server 2016
NetBIOS Name : FD3S01
Domain Name : srv.world
Realm : SRV.WORLD
Hostname : fd3s.srv.world
[1] For example, set Kerberos Authentication under the directory [/srv/www/htdocs/auth-kerberos] and also set to be required SSL/TLS settings.
# add extension module first

www:~ #
SUSEConnect -p PackageHub/15/x86_64
www:~ #
zypper -n install apache2-mod_auth_kerb
www:~ #
a2enmod auth_kerb

www:~ #
vi /etc/krb5.conf
# line 9: uncomment and change to your Realm

default_realm =
SRV.WORLD
# add under the [realms] section

[realms]
    SRV.WORLD = {
        kdc = fd3s.srv.world
        admin_server = fd3s.srv.world
    }
# create keytab HTTP/[AD's hostname or IP address]@[Realm name]

www:~ #
echo "HTTP/fd3s.srv.world@SRV.WORLD" > /etc/apache2/krb5.keytab
www:~ #
vi /etc/apache2/conf.d/auth_kerberos.conf
# create new

<Directory /srv/www/htdocs/auth-kerberos>
    SSLRequireSSL
    AuthType Kerberos
    AuthName "Kerberos Authntication"
    KrbAuthRealms SRV.WORLD
    Krb5Keytab /etc/apache2/krb5.keytab
    KrbMethodNegotiate Off
    KrbSaveCredentials Off
    KrbVerifyKDC Off
    Require valid-user
</Directory>

www:~ #
systemctl restart apache2
# create a test page

www:~ #
mkdir /srv/www/htdocs/auth-kerberos

www:~ #
vi /srv/www/htdocs/auth-kerberos/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for Kerberos Auth
</div>
</body>
</html>
[2] Access to the test page from a client computer with a web browser. Then authentication is required like follows as a setting, answer with a user which is added in Active Directory.
[3] Just accessed.
Matched Content