|
Kerberos Authentication
2017/07/25 |
|
Enable Kerberos Authentication to limit access to specific web pages. Users authenticate against Windows Active Directory.
Windows Active Directory must be running in your LAN.
This example is based on the environment below.
|
| [1] | |||||||||
| [2] | For example, set Kerberos Authentication under the directory [/var/www/html/auth-kerberos]. |
|
[root@www ~]# dnf -y install mod_auth_kerb
[root@www ~]# vi /etc/krb5.conf
# line 16: uncomment and change to the Realm name
default_realm = SRV.WORLD
# add the following under the [realms] section
[realms]
SRV.WORLD = {
    kdc = fd3s.srv.world
    admin_server = fd3s.srv.world
}
# add the following under the [domain_realm] section
[domain_realm]
.fd3s.srv.world = SRV.WORLD
fd3s.srv.world = SRV.WORLD
# create keytab HTTP/[AD's hostname or IP address]@[Realm name]
# (this writes the principal name as plain text; the file is not a binary keytab holding a key)
[root@www ~]# echo "HTTP/fd3s.srv.world@SRV.WORLD" > /etc/httpd/conf.d/krb5.keytab
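[root@www ~]# vi /etc/httpd/conf.d/auth_kerberos.conf
# create new
<Directory /var/www/html/auth-kerberos>
    # allow access over HTTPS only
    SSLRequireSSL
    AuthType Kerberos
    AuthName "Kerberos Authentication"
    KrbAuthRealms SRV.WORLD
    Krb5Keytab /etc/httpd/conf.d/krb5.keytab
    # no SPNEGO negotiation: the browser prompts for a user name and password
    KrbMethodNegotiate Off
    # do not store the user's credentials in a credential cache
    KrbSaveCredentials Off
    # do not verify the KDC's reply against the keytab (a spoofed KDC goes undetected)
    KrbVerifyKDC Off
    Require valid-user
</Directory>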
# create a test page
[root@www ~]# mkdir /var/www/html/auth-kerberos
[root@www ~]# vi /var/www/html/auth-kerberos/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for Kerberos Auth
</div>
</body>
</html>
[root@www ~]# systemctl restart httpd
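The settings in step [2] can be checked mechanically before the server goes into use. The script below is an added example, not part of the original page or of mod_auth_kerb: it audits a config for the three points that matter here (TLS enforced, KDC verification, a keytab that really is a binary keytab). The function names and finding codes are hypothetical, and the sample config is constructed from the values shown above.

```shell
# Added example, not from the original page. Finding codes are made up here.

# Last value set for a directive (case-insensitive, quotes stripped).
directive() {  # $1 = config file, $2 = directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 }
                   END { gsub(/"/, "", v); print v }' "$1"
}

# A real keytab is binary: byte 0x05, then format version 0x01 or 0x02.
is_keytab() {  # $1 = keytab path
    magic=$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "0502" ] || [ "$magic" = "0501" ]
}

# Print one finding code per line; exit status 1 if anything was found.
audit_krb_conf() {  # $1 = config file
    conf=$1; found=0
    # With KrbMethodNegotiate Off the browser sends the AD password itself,
    # so the directory must only be reachable over TLS.
    if ! grep -qi '^[[:space:]]*SSLRequireSSL' "$conf"; then
        echo NO_TLS; found=1
    fi
    # KrbVerifyKDC Off: the KDC's reply is never checked against the keytab.
    if [ "$(directive "$conf" KrbVerifyKDC | tr 'A-Z' 'a-z')" = "off" ]; then
        echo KDC_NOT_VERIFIED; found=1
    fi
    keytab=$(directive "$conf" Krb5Keytab)
    if ! is_keytab "$keytab"; then
        echo KEYTAB_NOT_BINARY; found=1
    fi
    return "$found"
}

# Constructed sample mirroring the settings on this page.
demo() {
    d=$(mktemp -d)
    echo "HTTP/fd3s.srv.world@SRV.WORLD" > "$d/krb5.keytab"
    cat > "$d/auth_kerberos.conf" <<EOF
<Directory /var/www/html/auth-kerberos>
    SSLRequireSSL
    KrbVerifyKDC Off
    Krb5Keytab $d/krb5.keytab
</Directory>
EOF
    audit_krb_conf "$d/auth_kerberos.conf" || true
    rm -rf "$d"
}
demo
```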
|
| [3] | Access the test page from a client computer with a web browser. Authentication is then required as configured; answer with a user that exists in Active Directory. |
|
| [4] | Access succeeded. |
|