opexxx
11/3/2016 - 11:47 AM

Apache with super simple kerb

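Apache with super simple kerb: HTTP Basic passwords checked against the BASE.LOCAL KDCs through mod_auth_kerb, with Negotiate and KDC verification switched off.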

# Kerberos rejects authentication when the client and KDC clocks drift too far
# apart (the MIT default tolerance is 5 minutes), so fix the clock first.
apt-get -y install ntp ntpdate
# The daemon is stopped first because ntpdate cannot use the NTP port while
# ntpd holds it.
service ntp stop
# One-shot sync against 10.0.1.10; -s sends ntpdate's output to syslog.
# NOTE(review): 10.0.1.10 is presumably a domain controller or internal time
# source -- confirm. ntpd itself keeps following /etc/ntp.conf after the restart,
# so that file should name a source that agrees with the KDCs.
ntpdate -s 10.0.1.10
service ntp start


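# Kerberos client tools (kinit, klist) for testing logins against the realm.
apt-get -y install krb5-user


# Placeholder only: this writes the principal NAME as plain text. It contains no
# key material and is not a usable keytab; the setup relies on KrbVerifyKDC being
# off in the Apache config. A real keytab for this principal has to be exported
# from the KDC by its administrator.
printf '%s\n' 'HTTP/ubuntunew.base.local@BASE.LOCAL' > /etc/httpd.keytab
# Keep the keytab path readable by root and the Apache group only (www-data on
# Debian/Ubuntu). A world-readable mode is harmless for the placeholder but would
# expose the service key to every local user once a real keytab replaces it.
chown root:www-data /etc/httpd.keytab
chmod 640 /etc/httpd.keytab

vi /etc/krb5.conf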

# /etc/krb5.conf -- client-side Kerberos settings for the BASE.LOCAL realm.
# NOTE(review): ticket_lifetime is a bare number, presumably seconds -- confirm
# it against the KDC's own ticket policy, which caps whatever is requested here.
# Both DNS lookups are off, so the [realms] and [domain_realm] entries in this
# file are the only way this host locates KDCs and maps hostnames to the realm.
[libdefaults]
 ticket_lifetime = 24000
 default_realm = BASE.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 
# Two KDCs on the standard Kerberos port 88; both names must resolve from this
# host, and the clock must agree with them.
[realms]
 BASE.LOCAL = {
  kdc = dc.base.local:88
  kdc = bdc.base.local:88
 }
 
# Maps the base.local DNS domain (and hosts under it) to the BASE.LOCAL realm.
[domain_realm]
 .base.local = BASE.LOCAL
 base.local = BASE.LOCAL
 
# Settings for the "pam" application only.
# NOTE(review): presumably read by pam_krb5 and not by the Apache module -- confirm.
# forwardable = true lets tickets obtained this way be forwarded to other hosts;
# turn it off if nothing on this machine needs delegation.
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

 
# Apache plus mod_auth_kerb, the module that provides "AuthType Kerberos".
# NOTE(review): mod_auth_kerb is an old module; on current distributions check
# whether mod_auth_gssapi is the maintained option before building on this.
apt-get -y install apache2 libapache2-mod-auth-kerb
 
# The <Location> block that follows goes into this file.
vi /etc/apache2/apache2.conf

# Puts every URL on this server (Location /) behind mod_auth_kerb.
<Location />
AuthName "Kerberos Login"
AuthType Kerberos
# Keytab path for the HTTP/ubuntunew.base.local@BASE.LOCAL service principal.
Krb5Keytab /etc/httpd.keytab
KrbAuthRealm BASE.LOCAL
# With Negotiate (ticket-based SPNEGO) disabled, the module is left with password
# authentication: the browser sends the user's realm password over HTTP Basic on
# each request. Serve this location over TLS only, otherwise domain passwords
# cross the network in a trivially decodable form.
KrbMethodNegotiate off
KrbSaveCredentials off
# Testing-only setting. With verification off the module does not check the KDC's
# answer against the service key in Krb5Keytab, so it cannot distinguish the real
# KDC from an impostor (KDC spoofing). Outside a lab, install a genuine keytab
# exported from the KDC and set this to "on".
KrbVerifyKDC off
# Any principal that authenticates is admitted; there is no per-user or
# per-group restriction here.
Require valid-user
</Location>

# Reload the configuration; a syntax error in apache2.conf makes the restart fail.
service apache2 restart

# Follow the error log while testing a login; authentication failures from the
# Kerberos module are reported here.
tail -f /var/log/apache2/error.log