Hi, folks. There are lots of references to using Kerberos for Active
Directory based authentication, and setting up the Apache server to
authenticate itself as a registered Kerberos authentication client.
But this takes getting hostkeys installed, and I have access issues to
the Active Directory server to get the Linux server's keys installed.

I *KNOW* there's a way with HTTPD 2.x to have the webserver
authenticate against the Kerberos server, *without* registering it. I
saw it done with RHEL 4 last year. I've seen it done, but don't have
an example. I just want to have the web clients logging in
consistently with their Windows usernames and passwords, so we don't
have to maintain another inconsistent and awkward username and pasword
list to manage.

Does anyone have such a .conf file?

Nico Kadel-Garcia wrote:
> Hi, folks. There are lots of references to using Kerberos for Active
> Directory based authentication, and setting up the Apache server to
> authenticate itself as a registered Kerberos authentication client.
> But this takes getting hostkeys installed, and I have access issues to
> the Active Directory server to get the Linux server's keys installed.
>
> I *KNOW* there's a way with HTTPD 2.x to have the webserver
> authenticate against the Kerberos server, *without* registering it. I
> saw it done with RHEL 4 last year. I've seen it done, but don't have
> an example. I just want to have the web clients logging in
> consistently with their Windows usernames and passwords, so we don't
> have to maintain another inconsistent and awkward username and pasword
> list to manage.
>
> Does anyone have such a .conf file?

The integration with AD was probably LDAP, not Kerberos.
AD=LDAP+Kerberos

Allen Kistler wrote:
> Nico Kadel-Garcia wrote:
>> Hi, folks. There are lots of references to using Kerberos for Active
>> Directory based authentication, and setting up the Apache server to
>> authenticate itself as a registered Kerberos authentication client.
>> But this takes getting hostkeys installed, and I have access issues to
>> the Active Directory server to get the Linux server's keys installed.
>>
>> I *KNOW* there's a way with HTTPD 2.x to have the webserver
>> authenticate against the Kerberos server, *without* registering it. I
>> saw it done with RHEL 4 last year. I've seen it done, but don't have
>> an example. I just want to have the web clients logging in
>> consistently with their Windows usernames and passwords, so we don't
>> have to maintain another inconsistent and awkward username and pasword
>> list to manage.
>>
>> Does anyone have such a .conf file?
>
> The integration with AD was probably LDAP, not Kerberos.
> AD=LDAP+Kerberos

While the LDAP in Active Directory is defintely accessible, it's awkward and
painful to use. No, I've seen it done with bare Kerberos. It presents a
security concern to do without registering Kerberos host keys on the Linux
Apache server, but I've seen it done with LDAP nowhere near the mix.