[Samba] apache authentication using ad kerberos

Andrew Bartlett abartlet at samba.org
Sat Jun 4 23:42:37 GMT 2005

On Sat, 2005-06-04 at 09:46 -0700, Michael Brown wrote:
> Hash: SHA1
> Thanks Samba Team!
> I was able to utilize AD kerberos authentication to apache using
> mod_auth_kerb and samba.  The 'net ads keytab create' enabled me to
> create a machine keytab for the webserver.  The 'net ads keytab add'
> feature enabled me to add an 'HTTP' service principal to this keytab,
> which shows up in the AD machine object's attributes.  I did not have to
> create a user in AD and map the attributes (as in this doc:
> http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp),
> so for all intents and purposes this is a seamless operation.
> AD single sign on using GSSAPI is working for windows firefox and
> internet exploiter clients beautifully!
>  I will be writing up a doc on this soon (this weekend) at
> oslabs.mikro-net.com.

Make sure to bring all documentation to the attention of jht (cc'd). It
is very good to see this working.  

Should you find yourself needing the NTLM side of things, look at:


Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050605/29c14e52/attachment.bin

More information about the samba mailing list