Apache2 : Kerberos Authentication2019/01/25

Limit accesses on specific web pages and use Windows Active Directory users for authentication with SSL connection.

It's necessarry to be running Windows Active Directory in your LAN.

Domain Server	: Windows Server 2016
NetBIOS Name	: FD3S01
Domain Name	: srv.world
Realm	: SRV.WORLD
Hostname	: fd3s.srv.world

[1]

For example, set Kerberos Authentication under the directory [/srv/www/htdocs/auth-kerberos] and also set to be required SSL/TLS settings.

# add extension module first

www:~ #

SUSEConnect -p PackageHub/15/x86_64

www:~ #

zypper -n install apache2-mod_auth_kerb

www:~ #

a2enmod auth_kerb

www:~ #

vi /etc/krb5.conf

# line 9: uncomment and change to your Realm

default_realm =

SRV.WORLD

# add under the [realms] section

[realms]

    SRV.WORLD = {
        kdc = fd3s.srv.world
        admin_server = fd3s.srv.world
    }

# create keytab HTTP/[AD's hostname or IP address]@[Realm name]

www:~ #

echo "HTTP/fd3s.srv.world@SRV.WORLD" > /etc/apache2/krb5.keytab

www:~ #

vi /etc/apache2/conf.d/auth_kerberos.conf

# create new

<Directory /srv/www/htdocs/auth-kerberos>
    SSLRequireSSL
    AuthType Kerberos
    AuthName "Kerberos Authntication"
    KrbAuthRealms SRV.WORLD
    Krb5Keytab /etc/apache2/krb5.keytab
    KrbMethodNegotiate Off
    KrbSaveCredentials Off
    KrbVerifyKDC Off
    Require valid-user
</Directory>

www:~ #

systemctl restart apache2

# create a test page

www:~ #

mkdir /srv/www/htdocs/auth-kerberos

www:~ #

vi /srv/www/htdocs/auth-kerberos/index.html

<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for Kerberos Auth
</div>
</body>
</html>

[2]	Access to the test page from a client computer with a web browser. Then authentication is required like follows as a setting, answer with a user which is added in Active Directory.

[3]	Just accessed.

Matched Content