SLES 11 SP4
Sponsored Link

Kerberos Authentication
2015/12/03
 
Enable Kerberos Authentication to limit access on specific web pages. Users can authenticate via Windows Active Directory.
This example based on the environment below.
Domain Server : Windows Server 2012 R2
Domain Name : FD3S01
Realm : FD3S.SRV.WORLD
Hostname : fd3s.srv.world
[1] For example, set Kerberos Authentication under the directory [/srv/www/htdocs/auth-kerberos] and also set to be required SSL connection.
www:~ #
zypper -n install apache2-mod_auth_kerb
www:~ #
a2enmod auth_kerb

www:~ #
vi /etc/krb5.conf
# line 2: uncomment and change to Realm name

default_realm =
FD3S.SRV.WORLD
# add follows under [realms] section

[realms]
 FD3S.SRV.WORLD = {
  kdc = fd3s.srv.world
  admin_server = fd3s.srv.world
 }
# create keytab HTTP/[AD's hostname or IP address]@[Realm name]

www:~ #
echo "HTTP/fd3s.srv.world@FD3S.SRV.WORLD" > /etc/apache2/krb5.keytab
www:~ #
vi /etc/apache2/conf.d/auth_kerberos.conf
# create new

<Directory /srv/www/htdocs/auth-kerberos>
    SSLRequireSSL
    AuthType Kerberos
    AuthName "Kerberos Authntication"
    KrbAuthRealms FD3S.SRV.WORLD
    Krb5Keytab /etc/apache2/krb5.keytab
    KrbMethodNegotiate Off
    KrbSaveCredentials Off
    KrbVerifyKDC Off
    Require valid-user
</Directory>

www:~ #
/etc/init.d/apache2 restart
# create a test page

www:~ #
mkdir /srv/www/htdocs/auth-kerberos

www:~ #
vi /srv/www/htdocs/auth-kerberos/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for Kerberos Auth
</div>
</body>
</html>
[2] Access to the test page from a client computer with a web browser. Then authentication is required like follows as a setting, answer with a user which is added in Active Directory.
[3] Just accessed.
Matched Content
 
Tweet