[Samba] apache authentication using ad kerberos

Michael Brown sambalist at mikro-net.com
Sun Jun 5 19:12:18 GMT 2005


A bare-minimum document is up at http://oslabs.mikro-net.com/krb_apache.html
It assumes samba-ads install along with all that entails.
Hope it helps.

Michael

Andrew Bartlett wrote:
> On Sat, 2005-06-04 at 09:46 -0700, Michael Brown wrote:
> 
>>Thanks Samba Team!
>>I was able to utilize AD kerberos authentication to apache using
>>mod_auth_kerb and samba.  The 'net ads keytab create' enabled me to
>>create a machine keytab for the webserver.  The 'net ads keytab add'
>>feature enabled me to add an 'HTTP' service principal to this keytab,
>>which shows up in the AD machine object's attributes.  I did not have to
>>create a user in AD and map the attributes (as in this doc:
>>http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp),
>>so for all intents and purposes this is a seamless operation.
>>AD single sign on using GSSAPI is working for windows firefox and
>>internet exploiter clients beautifully!
>>I will be writing up a doc on this soon (this weekend) at
>>oslabs.mikro-net.com.
> 
> 
> Make sure to bring all documentation to the attention of jht (cc'd). It
> is very good to see this working.  
> 
> Should you find yourself needing the NTLM side of things, look at:
> 
> http://samba.org/ftp/unpacked/lorikeet/mod_ntlm_winbind/
> 
> Andrew Bartlett
> 
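
The setup described in this thread, as an added example that is not part of either post or of the linked document: a minimal mod_auth_kerb configuration that uses a keytab carrying the 'HTTP' service principal. The realm, protected path, module path and keytab location are assumed placeholders.

```apache
# Added example. Assumes the keytab was produced as described in the thread:
#   net ads keytab create     (machine keytab for the web server)
#   net ads keytab add HTTP   (adds the HTTP service principal)
# EXAMPLE.COM, /protected and the file paths below are placeholders.

LoadModule auth_kerb_module modules/mod_auth_kerb.so

<Location "/protected">
    AuthType Kerberos
    AuthName "AD single sign-on"

    # Accept SPNEGO/GSSAPI tickets sent by the browser (the single sign-on path).
    KrbMethodNegotiate On

    # Do not fall back to asking for the AD password over HTTP Basic;
    # with this On, passwords cross the wire and must be protected by TLS.
    KrbMethodK5Passwd Off

    KrbAuthRealms EXAMPLE.COM
    KrbServiceName HTTP

    # Assumed location of the system keytab written by 'net ads keytab'.
    # The Apache user must be able to read this file, and it also holds the
    # machine account's host keys, so keep it unreadable to every other
    # account (for example root-owned, group-readable by the Apache group only).
    Krb5KeyTab /etc/krb5.keytab

    Require valid-user
</Location>
```

Anyone who can read the keytab can accept or forge tickets for the principals in it, so its file permissions are the main thing to check after the module is working.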
