From: Nico Kadel-Garcia on 3 Jul 2008 03:18

Hi, folks. There are lots of references to using Kerberos for Active Directory based authentication, and setting up the Apache server to authenticate itself as a registered Kerberos authentication client. But this takes getting hostkeys installed, and I have access issues to the Active Directory server to get the Linux server's keys installed.

I *KNOW* there's a way with HTTPD 2.x to have the webserver authenticate against the Kerberos server, *without* registering it. I saw it done with RHEL 4 last year. I've seen it done, but don't have an example. I just want to have the web clients logging in consistently with their Windows usernames and passwords, so we don't have to maintain another inconsistent and awkward username and password list to manage.

Does anyone have such a .conf file?

From: Allen Kistler on 3 Jul 2008 21:25

Nico Kadel-Garcia wrote:
> Hi, folks. There are lots of references to using Kerberos for Active
> Directory based authentication, and setting up the Apache server to
> authenticate itself as a registered Kerberos authentication client.
> But this takes getting hostkeys installed, and I have access issues to
> the Active Directory server to get the Linux server's keys installed.
>
> I *KNOW* there's a way with HTTPD 2.x to have the webserver
> authenticate against the Kerberos server, *without* registering it. I
> saw it done with RHEL 4 last year. I've seen it done, but don't have
> an example. I just want to have the web clients logging in
> consistently with their Windows usernames and passwords, so we don't
> have to maintain another inconsistent and awkward username and password
> list to manage.
>
> Does anyone have such a .conf file?

The integration with AD was probably LDAP, not Kerberos.
AD=LDAP+Kerberos

From: Nico Kadel-Garcia on 4 Jul 2008 18:31

Allen Kistler wrote:
> Nico Kadel-Garcia wrote:
>> Hi, folks. There are lots of references to using Kerberos for Active
>> Directory based authentication, and setting up the Apache server to
>> authenticate itself as a registered Kerberos authentication client.
>> But this takes getting hostkeys installed, and I have access issues to
>> the Active Directory server to get the Linux server's keys installed.
>>
>> I *KNOW* there's a way with HTTPD 2.x to have the webserver
>> authenticate against the Kerberos server, *without* registering it. I
>> saw it done with RHEL 4 last year. I've seen it done, but don't have
>> an example. I just want to have the web clients logging in
>> consistently with their Windows usernames and passwords, so we don't
>> have to maintain another inconsistent and awkward username and password
>> list to manage.
>>
>> Does anyone have such a .conf file?
>
> The integration with AD was probably LDAP, not Kerberos.
> AD=LDAP+Kerberos

While the LDAP in Active Directory is definitely accessible, it's awkward and painful to use. No, I've seen it done with bare Kerberos. It presents a security concern to do without registering Kerberos host keys on the Linux Apache server, but I've seen it done with LDAP nowhere near the mix.
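
Added example, not posted by anyone in this thread: a sketch of the keytab-less setup the thread asks about, beside the registered form, assuming the mod_auth_kerb module (the thread does not name a module) and mod_ssl. The realm EXAMPLE.COM, both locations and the keytab path are placeholders.

```apache
# Added example; assumes mod_auth_kerb and mod_ssl are loaded and that
# /etc/krb5.conf on the web server points EXAMPLE.COM at the AD KDCs.
# EXAMPLE.COM, the two paths and the keytab file are placeholders.

# Variant A: no host/service key registered in AD.
# The module checks the typed password by requesting a TGT, then stops.
# With KrbVerifyKDC off it has no way to confirm that the answer came
# from the real KDC, which is the security concern raised above.
<Location /unverified>
    # Password arrives via HTTP Basic, so require TLS.
    SSLRequireSSL
    AuthType Kerberos
    AuthName "Windows domain login"
    KrbAuthRealms EXAMPLE.COM
    # Password prompt only; ticket-based SSO needs a keytab.
    KrbMethodNegotiate off
    KrbMethodK5Passwd on
    KrbVerifyKDC off
    Require valid-user
</Location>

# Variant B: HTTP/<fqdn> principal registered, keytab installed.
# After the password check the module obtains a ticket for its own
# service and decrypts it with the keytab, proving the KDC is genuine.
<Location /verified>
    SSLRequireSSL
    AuthType Kerberos
    AuthName "Windows domain login"
    KrbAuthRealms EXAMPLE.COM
    KrbServiceName HTTP
    Krb5Keytab /etc/httpd/conf/httpd.keytab
    KrbMethodNegotiate off
    KrbMethodK5Passwd on
    KrbVerifyKDC on
    Require valid-user
</Location>
```

Variant A trusts the network path between the web server and the KDC, so it is only as strong as the DNS and routing between them.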