[Samba] apache authentication using ad kerberos
sambalist at mikro-net.com
Sun Jun 5 19:12:18 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
A bare-minimum document is up at http://oslabs.mikro-net.com/krb_apache.html
It assumes samba-ads install along with all that entails.
Hope it helps.
Andrew Bartlett wrote:
> On Sat, 2005-06-04 at 09:46 -0700, Michael Brown wrote:
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Thanks Samba Team!
>>I was able to utilize AD kerberos authentication to apache using
>>mod_auth_kerb and samba. The 'net ads keytab create' enabled me to
>>create a machine keytab for the webserver. The 'net ads keytab add'
>>feature enabled me to add an 'HTTP' service principal to this keytab,
>>which shows up in the AD machine object's attributes. I did not have to
>>create a user in AD and map the attributes (as in this doc:
>>so for all intents and purposes this is a seamless operation.
>>AD single sign on using GSSAPI is working for windows firefox and
>>internet exploiter clients beautifully!
>> I will be writing up a doc on this soon (this weekend) at
> Make sure to bring all documentation to the attention of jht (cc'd). It
> is very good to see this working.
> Should you find yourself needing the NTLM side of things, look at:
> Andrew Bartlett
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba