Within an intranet system on Solaris we currently use perls module to authenticate with a Win 2k3 doman server, so we can access the user ID of the person browsing the site. Moving to Win 2012 AD servers, we're told this won't support NTLM, which Microsoft don't recomend these days anyway. Is a suitable replacmenet for this soft of use case? I've searched google and can't find a relavent article or tutorial showing mod-auth-kerb being used in such a way. I'm having difficulty in getting started and could use a point in the right direction. You'll need to have your Active Directory administrator create a service account that holds the Kerberos Service Principles for your intranet server. The SPN or SPN's should look like / and contain all the host names and/or DNS aliases users use to access your intranet website, so something like: http/solarishost.int.example.com http/solarishost http/intranet.example.com Your Active Directory administrator can 's to a keytab file which you need to copy to your Solaris host and configure in Apache.

Re: compiling mod_auth_kerb on Windows 2000/2003 Ed Zorob wrote: > Guys, > I need to get mod_auth_kerb.so file for windows environment. Using the > (MinGW/Msys) compiler on windows during./configure it's asking for > Kerberos environment. But I have MIT Kerberos installed already on the > box. Feb 26, 2017 - 1 Basic LDAP authentication; 2 Apache single sign-on. Found in similar documentation elsewhere for tools expecting to work against a Windows AD. You will need to install the libapache2-mod-auth-kerb package (Debian).

Note: the http/hostname SPN is also used for HTTPS. On Solaris you'll need the MIT Kerberos 5 tools and libraries, download and install the Apache module and then configure it. Typically you'll edit the global Kerberos configuration file to set up the the defaults mod-auth-kerb will also use, important are generally only the names of the REALM, typically the Windows AD domain, your DNS domain and the KDC servers - normally the domain controllers your AD administrator tells you to use. The Apache configuration looks something like this: AuthType Kerberos AuthName 'intranet' KrbMethodNegotiate on KrbAuthoritative on KrbVerifyKDC on KrbAuthRealm YOUR_ACTIVEDIRECTORY_DOMAIN Krb5Keytab /etc/httpd/intranet.keytab KrbSaveCredentials off Require valid-user Some understanding of Kerberos and Microsoft AD helps, as it can be tricky to debug for uninitiated. Oh and with Kerberos make sure your clocks are synchronized.

Rakim greatest hits zip line. Tested on Debian (Lenny, Squeeze) Ubuntu (Lucid) To configure Apache to use Kerberos authentication Kerberos is an authentication protocol that supports the concept of Single Sign-On (SSO). Having authenticated once at the start of a session, users can access network services throughout a Kerberos realm without authenticating again. For this to work it is necessary to use network protocols that are Kerberos-aware.