Apache with super simple kerb (Kerberos password authentication via mod_auth_kerb)
# Kerberos rejects requests when client and KDC clocks drift too far apart
# (the default tolerance is 5 minutes), so time sync comes first.
apt-get -y install ntp ntpdate
# ntpd holds UDP port 123, so it is stopped while ntpdate does a one-shot sync.
service ntp stop
# -s sends ntpdate's output to syslog instead of stdout.
# NOTE(review): 10.0.1.10 is presumably the domain controller / site time source — confirm.
ntpdate -s 10.0.1.10
service ntp start
# Kerberos client tools (kinit, klist); useful for checking krb5.conf before touching Apache.
apt-get -y install krb5-user
# This writes the service principal NAME as plain text. The result is not a keytab
# (a keytab is a binary file of keys exported from the KDC). Presumably it only gives
# the Krb5Keytab directive an existing path, which is enough only because the Apache
# config further down this page sets KrbVerifyKDC off.
echo HTTP/ubuntunew.base.local@BASE.LOCAL > /etc/httpd.keytab
# World-readable is harmless for this placeholder. A real keytab holds the service's
# long-term key and should be readable by root and the Apache user only
# (e.g. mode 0640, owner root, group www-data).
chmod ugo+r /etc/httpd.keytab
# Interactive edit; the lines that follow on this page are the contents of /etc/krb5.conf.
vi /etc/krb5.conf
# Contents of /etc/krb5.conf.
# default_realm is the realm used when a principal is given without @REALM.
# Both dns_lookup_* settings are off, so realm and KDC locations come only from the
# static [realms] and [domain_realm] entries below, not from DNS records.
# NOTE(review): a bare ticket_lifetime number is read as seconds by MIT krb5
# (24000 s is about 6 h 40 min) — confirm for the installed library.
[libdefaults]
ticket_lifetime = 24000
default_realm = BASE.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
# Two KDCs for the realm, both on the standard Kerberos port 88.
[realms]
BASE.LOCAL = {
kdc = dc.base.local:88
kdc = bdc.base.local:88
}
# Maps hosts under .base.local, and the bare name base.local, to realm BASE.LOCAL.
[domain_realm]
.base.local = BASE.LOCAL
base.local = BASE.LOCAL
# NOTE(review): the pam subsection is read by pam_krb5; mod_auth_kerb presumably does
# not consult it, so it looks optional for the Apache setup on this page — confirm.
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
# Apache plus mod_auth_kerb, the module that provides the Krb* directives used below.
apt-get -y install apache2 libapache2-mod-auth-kerb
# Interactive edit; the <Location> block that follows on this page goes into this file.
vi /etc/apache2/apache2.conf
# Added to /etc/apache2/apache2.conf: every URL on the server requires an authenticated user.
<Location />
AuthName "Kerberos Login"
AuthType Kerberos
# Path created earlier on this page with echo; there it holds a principal name, not keys.
Krb5Keytab /etc/httpd.keytab
KrbAuthRealm BASE.LOCAL
# Negotiate (ticket-based SPNEGO single sign-on) is disabled. KrbMethodK5Passwd is not
# set here and defaults to on, so the browser sends user name and password via HTTP
# Basic and the module checks them against the KDC. The password is only base64-encoded
# on each request, so this Location should be reachable over TLS only (no TLS setup is
# shown on this page).
KrbMethodNegotiate off
# Do not keep the user's tickets in a credential cache for CGI/back-end use.
KrbSaveCredentials off
# With verification off, the module does not use a keytab key to prove that the reply
# came from the real KDC, which leaves password logins open to KDC spoofing. The
# module's documentation describes this setting as for testing. For production use:
# export a real keytab for HTTP/ubuntunew.base.local@BASE.LOCAL from the KDC, restrict
# its file mode to the Apache user, and set KrbVerifyKDC on.
KrbVerifyKDC off
Require valid-user
</Location>
# Restart so Apache picks up the new <Location> block.
service apache2 restart
# Follow the error log while testing a login; NOTE(review): mod_auth_kerb presumably
# reports failed password checks and KDC errors here — confirm with a bad password.
tail -f /var/log/apache2/error.log