Sponsored Link

Kerberos Authentication2015/12/03

Enable Kerberos Authentication to limit access on specific web pages. Users can authenticate via Windows Active Directory.
This example based on the environment below.
Domain Server : Windows Server 2012 R2
Domain Name : FD3S01
Hostname :
[1] For example, set Kerberos Authentication under the directory [/srv/www/htdocs/auth-kerberos] and also set to be required SSL connection.
www:~ #
zypper -n install apache2-mod_auth_kerb
www:~ #
a2enmod auth_kerb

www:~ #
vi /etc/krb5.conf
# line 2: uncomment and change to Realm name

default_realm =
# add follows under [realms] section

  kdc =
  admin_server =
# create keytab HTTP/[AD's hostname or IP address]@[Realm name]

www:~ #
echo "HTTP/" > /etc/apache2/krb5.keytab
www:~ #
vi /etc/apache2/conf.d/auth_kerberos.conf
# create new

<Directory /srv/www/htdocs/auth-kerberos>
    AuthType Kerberos
    AuthName "Kerberos Authntication"
    KrbAuthRealms FD3S.SRV.WORLD
    Krb5Keytab /etc/apache2/krb5.keytab
    KrbMethodNegotiate Off
    KrbSaveCredentials Off
    KrbVerifyKDC Off
    Require valid-user

www:~ #
/etc/init.d/apache2 restart
# create a test page

www:~ #
mkdir /srv/www/htdocs/auth-kerberos

www:~ #
vi /srv/www/htdocs/auth-kerberos/index.html
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for Kerberos Auth
[2] Access to the test page from a client computer with a web browser. Then authentication is required like follows as a setting, answer with a user which is added in Active Directory.
[3] Just accessed.
Matched Content