CentOS 7
Sponsored Link

Enable Kerberos Authentication
2014/07/23
 
Enable Kerberos Authentication to limit access on specific web pages. Users can authenticate via Windows Active Directory. Therefore it's necessarry to be running Windows Active Directory in your LAN.
This example based on the environment below.
Domain Server : Windows Server 2012 R2
Domain Name : FD3S01
Realm : SRV.WORLD
Hostname : fd3s.srv.world
[1] For example, set Kerberos Authentication under the directory [/var/www/html/auth-kerberos] and also set to be required SSL settings.
[[email protected] ~]#
yum -y install mod_auth_kerb
[[email protected] ~]#
vi /etc/krb5.conf
# line 12: uncomment and change to the Realm name

default_realm =
SRV.WORLD
# add follows under [realms] section

[realms]
 SRV.WORLD = {
  kdc = fd3s.srv.world
  admin_server = fd3s.srv.world
 }
# add follows under [domain_realm] section

[domain_realm]
 .srv.world = SRV.WORLD
 srv.world = SRV.WORLD
# create keytab HTTP/[AD's hostname or IP address]@[Realm name]

[[email protected] ~]#
echo "HTTP/[email protected]" > /etc/httpd/conf.d/krb5.keytab
[[email protected] ~]#
vi /etc/httpd/conf.d/auth_kerberos.conf
# create new

<Directory /var/www/html/auth-kerberos>
    SSLRequireSSL
    AuthType Kerberos
    AuthName "Kerberos Authntication"
    KrbAuthRealms SRV.WORLD
    Krb5Keytab /etc/httpd/conf.d/krb5.keytab
    KrbMethodNegotiate Off
    KrbSaveCredentials Off
    KrbVerifyKDC Off
    Require valid-user
</Directory>

[[email protected] ~]#
systemctl restart httpd
# create a test page

[[email protected] ~]#
mkdir /var/www/html/auth-kerberos

[[email protected] ~]#
vi /var/www/html/auth-kerberos/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for Kerberos Auth
</div>
</body>
</html>
[2] Access to the test page from a client computer with a web browser. Then authentication is required like follows as a setting, answer with a user which is added in Active Directory.
[3] Just accessed.