Kerberos Authentication
2015/11/28
Enable Kerberos Authentication to limit access to specific web pages. Users can authenticate via Windows Active Directory.
This example is based on the environment below.
[1] For example, set Kerberos Authentication on the directory [/srv/www/htdocs/auth-kerberos] and also require an SSL connection for it.
www:~ # zypper -n install apache2-mod_auth_kerb
www:~ # a2enmod auth_kerb
www:~ # vi /etc/krb5.conf
# line 2: uncomment and change to Realm name
default_realm = FD3S.SRV.WORLD
# add the following under the [realms] section
[realms]
    FD3S.SRV.WORLD = {
        kdc = fd3s.srv.world
        admin_server = fd3s.srv.world
    }
# create keytab HTTP/[AD's hostname or IP address]@[Realm name]
www:~ # echo "HTTP/fd3s.srv.world@FD3S.SRV.WORLD" > /etc/apache2/krb5.keytab
www:~ # vi /etc/apache2/conf.d/auth_kerberos.conf
# create new
<Directory /srv/www/htdocs/auth-kerberos>
    SSLRequireSSL
    AuthType Kerberos
    AuthName "Kerberos Authentication"
    KrbAuthRealms FD3S.SRV.WORLD
    Krb5Keytab /etc/apache2/krb5.keytab
    KrbMethodNegotiate Off
    KrbSaveCredentials Off
    KrbVerifyKDC Off
    Require valid-user
</Directory>
www:~ # systemctl restart apache2
# create a test page
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for Kerberos Auth
</div>
</body>
</html>
[2] Access the test page from a client computer with a web browser. Authentication is then required, as configured. Answer with a user that has been added in Active Directory.
[3] Access succeeded.
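The settings from step [1] can be checked before the site goes live. The script below is an added example, not part of the original page: it audits a mod_auth_kerb block for the three things that matter in this password-based setup (TLS is enforced, KrbVerifyKDC is not Off, and the Krb5Keytab file is in the binary keytab format rather than plain text). The function names and finding labels are made up for this example, and the sample files are constructed from the page's values with the keytab path moved to a temporary directory.

```sh
# Added example, not from the original page. Function names and finding labels
# are made up here; the sample files are constructed from the page's own values.

# Print the last value set for directive $2 in config file $1 (empty if absent).
directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$1"
}

# Print one line per finding for config file $1; print nothing if all checks pass.
audit_auth_kerb() {
    # With KrbMethodNegotiate Off the password arrives over HTTP Basic,
    # so the directory has to refuse plain-HTTP requests.
    grep -qiE '^[[:space:]]*SSLRequireSSL' "$1" ||
        echo "NO_TLS: SSLRequireSSL missing, passwords would travel in clear"
    # KrbVerifyKDC Off: the KDC's answer is not checked against the keytab.
    [ "$(directive "$1" KrbVerifyKDC | tr 'A-Z' 'a-z')" = "off" ] &&
        echo "KDC_UNVERIFIED: KrbVerifyKDC Off, a spoofed KDC would be trusted"
    keytab="$(directive "$1" Krb5Keytab)"
    if [ -z "$keytab" ] || [ ! -r "$keytab" ]; then
        echo "KEYTAB_MISSING: Krb5Keytab not set or file not readable"
    else
        # A real keytab is binary: byte 0 is 0x05, byte 1 is the version (1 or 2).
        magic="$(od -An -tx1 -N2 "$keytab" | tr -d ' \n')"
        case "$magic" in
            0501|0502) ;;
            *) echo "KEYTAB_NOT_BINARY: $keytab starts with 0x$magic, not 0x0501/0x0502" ;;
        esac
    fi
}

# Write the page's directives and its echo-made "keytab" into directory $1.
make_sample() {
    echo "HTTP/fd3s.srv.world@FD3S.SRV.WORLD" > "$1/krb5.keytab"
    cat > "$1/auth_kerberos.conf" <<EOF
<Directory /srv/www/htdocs/auth-kerberos>
    SSLRequireSSL
    AuthType Kerberos
    KrbAuthRealms FD3S.SRV.WORLD
    Krb5Keytab $1/krb5.keytab
    KrbMethodNegotiate Off
    KrbVerifyKDC Off
    Require valid-user
</Directory>
EOF
}

tmp="$(mktemp -d)" && make_sample "$tmp"
audit_auth_kerb "$tmp/auth_kerberos.conf"   # two findings: KDC_UNVERIFIED, KEYTAB_NOT_BINARY
rm -rf "$tmp"
```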