“UbuntuHelp:ApacheAuthViaKerberos”的版本间的差异
来自Ubuntu中文
小 (创建新页面为 '{{From|https://help.ubuntu.com/community/ApacheAuthViaKerberos}} {{Languages|UbuntuHelp:ApacheAuthViaKerberos}} === Apache Pre-reqs === Install "libapache-mod-auth-kerb" - of co...') |
小 |
| (未显示同一用户的1个中间版本) | |
(没有差异)
| |
2010年5月19日 (三) 17:25的最新版本
 |
点击翻译: |
English |
请不要直接编辑翻译本页,本页将定期与来源同步。 |
Apache Pre-reqs
Install "libapache-mod-auth-kerb" - of course you'll also need apache setup and this article assumes you've already got kerberos setup as it's discussed here. One example of how you can take advantage of Kerbose & Apache in a case like this is to enable authentication with your Active Directory server.
sudo apt-get install libapache-mod-auth-kerb
/etc/krb5.keytab
You need to setup a kerberos keytab, put it where ever, I put mine at /etc/krb5.keytab. This file should contain a line of the form HTTP/replace_your_web_server_full_hostname_here@ACTIVE_DIRECTORY_FULL_DOMAIN_NAME. So, to put that another way: HTTP/[email protected]
Edit VirtualHosts
In whatever sections of your Apache VirtualHosts (or just apache config if you're running only one site), you want to add lines of the following form:
AuthName "Kerberos Login" AuthType Kerberos Krb5Keytab /etc/krb5.keytab KrbAuthRealm EXAMPLE.COM KrbMethodNegotiate off KrbSaveCredentials off KrbVerifyKDC off Require valid-user
Restart Apache
Almost done:
sudo /etc/init.d/apache restart
Helpful Pages
- This article borrows heavily from here.
