How To Install Modauthkerb For Windows
If 'Windows Authentication' is not available, then you need to install it as a separate authentication provider (in Control Panel). Apache configuration: there are currently 3 possible methods for this. Feb 6, 2017 - Generating a 'keytab' file for the Apache host using the ktpass.exe tool. The ktpass command. apt-get install libapache2-mod-auth-kerb.
Mod_auth_kerb is an Apache module designed to provide Kerberos authentication to the Apache web server. Using the Basic Auth mechanism, it retrieves a username/password pair from the browser and checks them against a Kerberos server as set up by your particular organization. The module also supports the Negotiate authentication method, which performs full Kerberos authentication based on ticket exchanges and does not require users to enter their passwords in the browser. To use the Negotiate method you need a browser that supports it (currently standard IE6.0 or Mozilla with the negotiateauth extension). The module supports both kerberos4 and kerberos5 protocols for password verification.
The Negotiate mechanism can only be used with Kerberos v5. The module supports both 1.x and 2.x versions of Apache. If you are using the Basic Auth mechanism, the module does not do any special encryption of any sort. The username and password are passed with the same Base64 encoding that Basic Auth uses, which can easily be converted to plain text. To counter this, I would suggest also using mod_ssl or Apache-SSL.
The use of SSL encryption is also recommended if you are using the Negotiate method.

Building and installing the module
----------------------------------
see INSTALL

Summary of Supported Directives
-------------------------------
AuthType type
    For Kerberos authentication to work, AuthType must be set to 'Kerberos'. For reasons of backwards compatibility the values KerberosV4 and KerberosV5 are also supported. Their use is not recommended, though; for finer settings use the following three options.

KrbMethodNegotiate on | off (set to on by default)
    To enable or disable the use of the Negotiate method. The browser needs special support for this mechanism.

KrbMethodK5Passwd on | off (set to on by default)
    To enable or disable the use of password based authentication for Kerberos v5.

KrbMethodK4Passwd on | off (set to on by default)
    To enable or disable the use of password based authentication for Kerberos v4.

KrbAuthoritative on | off (set to on by default)
    If set to off, this directive allows authentication controls to be passed on to other modules. Use only if you really know what you are doing.

KrbAuthRealms realm1 [realm2 ... realmN]
    This option takes one or more arguments (separated by spaces), specifying the Kerberos realm(s) to be used for authentication. This defaults to the default realm taken from the local Kerberos configuration.

KrbVerifyKDC on | off (set to on by default)
    This option can be used to disable the verification of tickets against the local keytab, a check that exists to prevent KDC spoofing attacks. It should be used only for testing purposes. You have been warned.

KrbServiceName server_principal
    Specifies the principal name Apache uses when authenticating clients. By default a value of the form HTTP/<FQDN>@<REALM> is used. The FQDN part can contain any hostname and can be used to work around problems with misconfigured DNS. A corresponding key of this name must be stored in the keytab. If this option is set to 'Any', then any principal from the keytab which matches the client's request may be used.

Krb4Srvtab /path/to/srvtab
    This option takes one argument, specifying the path to the Kerberos V4 srvtab.
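
The defaults listed above matter when reviewing a configuration: a block that never mentions the password methods still has them on. The following audit script is an added example, not code from the mod_auth_kerb project. It assumes SSL is enforced per block with mod_ssl's SSLRequireSSL (a directive not covered on this page), handles only flat blocks, and runs on a constructed sample configuration.

```python
import re

# Defaults from the directive summary: each is "on" unless configured.
DEFAULTS = {"krbmethodk5passwd": "on", "krbmethodk4passwd": "on",
            "krbauthoritative": "on", "krbverifykdc": "on"}
BLOCK = re.compile(r"<(Location|Directory)\s+([^>]+)>(.*?)</\1>", re.S | re.I)

def audit(conf):
    """Return {path: [findings]} for each flat (non-nested) Kerberos block."""
    report = {}
    for _, path, body in BLOCK.findall(conf):
        seen = {}
        for line in body.splitlines():
            name, value = (line.split(None, 1) + ["", ""])[:2]
            seen[name.lower()] = value.strip().lower()
        authtype = seen.get("authtype", "")
        if not authtype.startswith("kerberos"):
            continue
        eff = {**DEFAULTS, **seen}
        findings = []
        if authtype != "kerberos":
            findings.append("AuthType KerberosV4/KerberosV5 is not recommended")
        if eff["krbverifykdc"] == "off":
            findings.append("KrbVerifyKDC off: no keytab check against KDC spoofing")
        if eff["krbauthoritative"] == "off":
            findings.append("KrbAuthoritative off: other modules may authenticate")
        # Assumption: SSL is enforced per block with mod_ssl's SSLRequireSSL.
        if "sslrequiressl" not in seen:
            passwd = "on" in (eff["krbmethodk5passwd"], eff["krbmethodk4passwd"])
            findings.append("password methods on without SSL: Base64 is readable"
                            if passwd else "Negotiate used without SSL")
        report[path.strip().strip('"')] = findings
    return report

# Constructed sample configuration, not taken from the page.
SAMPLE = """
<Location /test>
    AuthType KerberosV5
    KrbVerifyKDC off
    Require valid-user
</Location>
<Location /private>
    SSLRequireSSL
    AuthType Kerberos
    Require valid-user
</Location>
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

If SSL is enforced at the virtual-host level rather than inside each block, the SSL finding will be a false positive and should be checked by hand.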