Apache httpd : Enable Kerberos Authentication2014/07/23 |
Enable Kerberos Authentication to limit access on specific web pages. Users can authenticate via Windows Active Directory.
Therefore it's necessarry to be running Windows Active Directory in your LAN.
This example based on the environment below.
|
|||||||||||
[1] | For example, set Kerberos Authentication under the directory [/var/www/html/auth-kerberos] and also set to be required SSL settings. |
[root@www ~]#
yum -y install mod_auth_kerb
[root@www ~]#
vi /etc/krb5.conf # line 12: uncomment and change to the Realm name default_realm = SRV.WORLD
# add follows under [realms] section [realms] SRV.WORLD = { kdc = fd3s.srv.world admin_server = fd3s.srv.world } # add follows under [domain_realm] section [domain_realm] .srv.world = SRV.WORLD srv.world = SRV.WORLD # create keytab HTTP/[AD's hostname or IP address]@[Realm name] [root@www ~]# echo "HTTP/fd3s.srv.world@SRV.WORLD" > /etc/httpd/conf.d/krb5.keytab
[root@www ~]#
vi /etc/httpd/conf.d/auth_kerberos.conf # create new <Directory /var/www/html/auth-kerberos> SSLRequireSSL AuthType Kerberos AuthName "Kerberos Authntication" KrbAuthRealms SRV.WORLD Krb5Keytab /etc/httpd/conf.d/krb5.keytab KrbMethodNegotiate Off KrbSaveCredentials Off KrbVerifyKDC Off Require valid-user </Directory>
[root@www ~]#
systemctl restart httpd
# create a test page
[root@www ~]#
mkdir /var/www/html/auth-kerberos [root@www ~]# vi /var/www/html/auth-kerberos/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Test Page for Kerberos Auth </div> </body> </html> |
[2] | Access to the test page from a client computer with a web browser. Then authentication is required like follows as a setting, answer with a user which is added in Active Directory. |
[3] | Just accessed. |
Sponsored Link |