Apache Pre-reqs

Install "libapache-mod-auth-kerb" - of course you'll also need apache setup and this article assumes you've already got kerberos setup as it's discussed here. One example of how you can take advantage of Kerbose & Apache in a case like this is to enable authentication with your Active Directory server. 

sudo apt-get install libapache-mod-auth-kerb

/etc/krb5.keytab

You need to setup a kerberos keytab, put it where ever, I put mine at /etc/krb5.keytab.

This file should contain a line of the form HTTP/replace_your_web_server_full_hostname_here@ACTIVE_DIRECTORY_FULL_DOMAIN_NAME.

So, to put that another way: HTTP/www.mydomain.com@MYDOMAIN.COM

Edit VirtualHosts

In whatever sections of your Apache VirtualHosts (or just apache config if you're running only one site), you want to add lines of the following form: 

AuthName "Kerberos Login"
AuthType Kerberos
Krb5Keytab /etc/krb5.keytab
KrbAuthRealm EXAMPLE.COM
KrbMethodNegotiate off
KrbSaveCredentials off
KrbVerifyKDC off
Require valid-user

Restart Apache

Almost done: 

sudo /etc/init.d/apache restart

Helpful Pages

* This article borrows heavily from here.

ApacheAuthViaKerberos (last edited 2009-06-19 22:13:48 by static-66-11-75-249)