Using Active Directory Kerberos for Apache access - Setup

This is a discussion on Using Active Directory Kerberos for Apache access - Setup ; Hi, folks. There are lots of references to using Kerberos for Active Directory based authentication, and setting up the Apache server to authenticate itself as a registered Kerberos authentication client. But this takes getting hostkeys installed, and I have access ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Using Active Directory Kerberos for Apache access

  1. Using Active Directory Kerberos for Apache access

    Hi, folks. There are lots of references to using Kerberos for Active
    Directory based authentication, and setting up the Apache server to
    authenticate itself as a registered Kerberos authentication client.
    But this takes getting hostkeys installed, and I have access issues to
    the Active Directory server to get the Linux server's keys installed.

    I *KNOW* there's a way with HTTPD 2.x to have the webserver
    authenticate against the Kerberos server, *without* registering it. I
    saw it done with RHEL 4 last year. I've seen it done, but don't have
    an example. I just want to have the web clients logging in
    consistently with their Windows usernames and passwords, so we don't
    have to maintain another inconsistent and awkward username and pasword
    list to manage.

    Does anyone have such a .conf file?


  2. Re: Using Active Directory Kerberos for Apache access

    Nico Kadel-Garcia wrote:
    > Hi, folks. There are lots of references to using Kerberos for Active
    > Directory based authentication, and setting up the Apache server to
    > authenticate itself as a registered Kerberos authentication client.
    > But this takes getting hostkeys installed, and I have access issues to
    > the Active Directory server to get the Linux server's keys installed.
    >
    > I *KNOW* there's a way with HTTPD 2.x to have the webserver
    > authenticate against the Kerberos server, *without* registering it. I
    > saw it done with RHEL 4 last year. I've seen it done, but don't have
    > an example. I just want to have the web clients logging in
    > consistently with their Windows usernames and passwords, so we don't
    > have to maintain another inconsistent and awkward username and pasword
    > list to manage.
    >
    > Does anyone have such a .conf file?


    The integration with AD was probably LDAP, not Kerberos.
    AD=LDAP+Kerberos

  3. Re: Using Active Directory Kerberos for Apache access

    Allen Kistler wrote:
    > Nico Kadel-Garcia wrote:
    >> Hi, folks. There are lots of references to using Kerberos for Active
    >> Directory based authentication, and setting up the Apache server to
    >> authenticate itself as a registered Kerberos authentication client.
    >> But this takes getting hostkeys installed, and I have access issues to
    >> the Active Directory server to get the Linux server's keys installed.
    >>
    >> I *KNOW* there's a way with HTTPD 2.x to have the webserver
    >> authenticate against the Kerberos server, *without* registering it. I
    >> saw it done with RHEL 4 last year. I've seen it done, but don't have
    >> an example. I just want to have the web clients logging in
    >> consistently with their Windows usernames and passwords, so we don't
    >> have to maintain another inconsistent and awkward username and pasword
    >> list to manage.
    >>
    >> Does anyone have such a .conf file?

    >
    > The integration with AD was probably LDAP, not Kerberos.
    > AD=LDAP+Kerberos


    While the LDAP in Active Directory is defintely accessible, it's awkward and
    painful to use. No, I've seen it done with bare Kerberos. It presents a
    security concern to do without registering Kerberos host keys on the Linux
    Apache server, but I've seen it done with LDAP nowhere near the mix.

+ Reply to Thread