Kerberos Authentication
2014/08/25
Enable Kerberos authentication to limit access to specific web pages. Users authenticate against Windows Active Directory.
Therefore Windows Active Directory must be running in your LAN.
| [1] | |||||||||
| [2] | For example, set Kerberos Auth under the [/var/www/html/auth-kerberos] directory. |
[root@www ~]# yum -y install mod_auth_kerb
[root@www ~]# vi /etc/krb5.conf
# line 7: change to Realm name
default_realm = SRV.WORLD
# add the following under the [realms] section
[realms]
SRV.WORLD = {
    kdc = fd3s.srv.world
    admin_server = fd3s.srv.world
}
# add the following under the [domain_realm] section
[domain_realm]
.srv.world = SRV.WORLD
srv.world = SRV.WORLD

# create keytab : HTTP/[AD's hostname or IP address]@[Realm name]
[root@www ~]# echo "HTTP/fd3s.srv.world@SRV.WORLD" > /etc/httpd/conf.d/krb5.keytab
[root@www ~]# vi /etc/httpd/conf.d/auth_kerb.conf
# add to the end
<Directory /var/www/html/auth-kerberos>
    # require HTTPS, because the user's password is sent to the web server
    SSLRequireSSL
    AuthType Kerberos
    AuthName "Kerberos Authentication"
    KrbAuthRealms SRV.WORLD
    Krb5Keytab /etc/httpd/conf.d/krb5.keytab
    # Off: no Negotiate (SPNEGO); the browser prompts for user name and password
    KrbMethodNegotiate Off
    KrbSaveCredentials Off
    # Off: tickets are not verified against the local keytab
    KrbVerifyKDC Off
    Require valid-user
</Directory>

# create a test page
[root@www ~]# mkdir /var/www/html/auth-kerberos
[root@www ~]# vi /var/www/html/auth-kerberos/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for Kerberos Auth
</div>
</body>
</html>

[root@www ~]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
| [3] | Access the test page with a web browser on a client and authenticate as a user that exists in Active Directory. |
| [4] | The test page has been accessed. |
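A configuration check for the setup in step [2], added here as an example and not part of the original page: it parses the `<Directory>` block and reports settings that weaken the Kerberos login. The function names and finding labels are hypothetical; it assumes mod_auth_kerb's documented defaults for unset directives (KrbVerifyKDC On, KrbMethodK5Passwd On) and that a binary keytab file begins with byte 0x05.

```python
import re

# Constructed sample: security-relevant directives from this page's <Directory> block.
SAMPLE_CONF = """\
<Directory /var/www/html/auth-kerberos>
    SSLRequireSSL
    AuthType Kerberos
    Krb5Keytab /etc/httpd/conf.d/krb5.keytab
    KrbMethodNegotiate Off
    KrbVerifyKDC Off
</Directory>
"""

def parse_directory_blocks(conf_text):
    """Map each <Directory> path to {lower-cased directive: argument string}."""
    blocks, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = blocks.setdefault(opened.group(1).strip(), {})
        elif re.match(r"</Directory\s*>", line, re.I):
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            current[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return blocks

def audit_block(directives, keytab_bytes=None):
    """Return finding labels (hypothetical names) for one Kerberos-protected block."""
    if directives.get("authtype", "").lower() != "kerberos":
        return []
    findings = []
    # Password login is on unless KrbMethodK5Passwd is Off; it needs TLS.
    password_login = directives.get("krbmethodk5passwd", "on").lower() != "off"
    if password_login and "sslrequiressl" not in directives:
        findings.append("password-without-tls")
    if directives.get("krbverifykdc", "on").lower() == "off":
        findings.append("kdc-not-verified")
    # A binary keytab starts with byte 0x05; a text file does not.
    if keytab_bytes is not None and keytab_bytes[:1] != b"\x05":
        findings.append("keytab-not-binary")
    return findings

if __name__ == "__main__":
    for path, directives in parse_directory_blocks(SAMPLE_CONF).items():
        print(path, audit_block(directives, b"HTTP/fd3s.srv.world@SRV.WORLD\n"))
```

Run against the setup above, it reports `kdc-not-verified` and `keytab-not-binary`, because the file written by `echo` contains only the principal name as text.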