How To Install Mod_auth_kerb For Windows
The method described here has six steps: Install the mod_auth_kerb authentication module. Create a service principal for the web server. Create a keytab for the service principal. Specify the authentication method to be used. Specify a list of authorised users. Reload the Apache configuration.
Within an intranet system on Solaris we currently use perls Apache2::AuthenNTLM module to authenticate with a Win 2k3 doman server, so we can access the user ID of the person browsing the site.
Post by Marcus Macrinus Hello NG, I have to use Apache2 with module 'mod_auth_kerb' (on Win32 to do SSO. No, because mod_auth_kerb is a plugin to the Apache web server, not Tomcat. There are ways to integrate the Kerberos authentication mechanism in an Apache+Tomcat environment, but they're not very pretty and in some cases you might actually need to change the default internal security settings on each person's web browser. Install the mod_auth_kerb authentication module As noted above, Apache does not itself provide support for SPNEGO but it can be added using the module mod_auth_kerb. This is included in most major GNU/Linux distributions, but because it is a third-party module it is usually packaged separately from Apache.
Moving to Win 2012 AD servers, we're told this won't support NTLM, which Microsoft don't recomend these days anyway. Is mod-auth-kerb a suitable replacmenet for this soft of use case?
I've searched google and can't find a relavent article or tutorial showing mod-auth-kerb being used in such a way. I'm having difficulty in getting started and could use a point in the right direction.
Thanks
1 Answer
You'll need to have your Active Directory administrator create a service account that holds the Kerberos Service Principles for your intranet server. The SPN or SPN's should look like <service>/<hostname> and contain all the host names and/or DNS aliases users use to access your intranet website, so something like:
Your Active Directory administrator can extract the SPN's to a keytab file which you need to copy to your Solaris host and configure in Apache. Note: the http/hostname SPN is also used for HTTPS.
Hsf modem driver windows 8. On Solaris you'll need the MIT Kerberos 5 tools and libraries, download and install the Apache module and then configure it.
Typically you'll edit the global Kerberos configuration file /etc/krb5/krb5.conf to set up the the defaults mod-auth-kerb will also use, important are generally only the names of the REALM, typically the Windows AD domain, your DNS domain and the KDC servers - normally the domain controllers your AD administrator tells you to use.
Included in the pack: Retro Dream TV Box Lines VHS Stylize VHS Stylize (Damaged) RGB Split Download Preset Pack here: My Favorite Filmmaking Gear: ▶︎ My Gear: ▶︎ Sony a6300 ▶︎ Sigma 30mm 1.4 ▶︎ Sony 16-50 kit lens ▶︎ GoPro Hero Session ▶︎ Evecase Camera Backpack ▶︎ $29 Fotasy 35mm 1.7 lens Update to the latest Adobe Creative Cloud here: ▶︎ The screen recorder I use: ▶︎ Connect with me on: Instagram- Twitter - Facebook- Graded w Lumetri in Adobe Premiere Pro Sony a6300 Picture Profile: Cine4 Music by: Missed Call (feat. This tutorial will show you how to best use this free Premiere Pro preset pack. Works well in travel films or music videos. Adobe premiere free effects. A FREE collection of Retro and Vintage presets for Adobe Premiere Pro editors to stylize your next video.
The Apache configuration looks something like this:
Some understanding of Kerberos and Microsoft AD helps, as it can be tricky to debug for uninitiated. Oh and with Kerberos make sure your clocks are synchronized.
HBruijnHBruijn