Presentation is loading. Please wait.

Presentation is loading. Please wait.

Active Directory® and Apache® Using Kerberos and Apache to Authenticate via Microsoft Active Directory.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Active Directory® and Apache® Using Kerberos and Apache to Authenticate via Microsoft Active Directory."— Presentation transcript:

1 Active Directory® and Apache® Using Kerberos and Apache to Authenticate via Microsoft Active Directory

2 History Team of four system administrators Responsible for 100+ hosts running a variety of operating systems Using Microsoft Access and Excel to store user names, passwords, hostnames, ip addresses, operating systems, etc Needed a better way to store and access information.

3 History cont’d Why not create an sql database with a web-based front-end? How to protect sensitive data in the database?

4 Motivation Need to protect database. Could create new password. Why not allow users to log in with their current credentials which were stored in Active Directory? Enter Kerberos

5 Kerberos Network authentication protocol Strong authentication for client/server applications Uses secret-key cryptography FREE!!

6 Apache Web server Covered extensively in this course. Also FREE!!

7 Solution Host web site on: VMWare Virtual Server VMWare Virtual Server CentOS CentOS MySQL – Database MySQL – Database PHP – Access to the Database PHP – Access to the Database Linux, Apache, MySQL, PHP = LAMP

8 Kerberos Configuration Step 1: Create a keytab file echo HTTP/intranet.domain.name.com@active.dire ctory.server.com > /path/auth_kerb.keytab echo HTTP/intranet.domain.name.com@active.dire ctory.server.com > /path/auth_kerb.keytab chmod ugo+r /path/auth_kerb.keytab chmod ugo+r /path/auth_kerb.keytab

9 Kerberos Configuration Cont’d Step 2: Modify /etc/krb5.conf [logging] default = FILE10000:/var/log/krb5lib.log [libdefaults] ticket_lifetime = 24000 default_realm = FULLY.QUALIFIED.DOMAIN.NAME default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 aes256-cts arc four-hmac-md5 default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 aes256-cts arc four-hmac-md5 [realms] FULLY.QUALIFIED.DOMAIN.NAME = { kdc = dc1.fully.qualified.domain.name kdc = dc2.fully.qualified.domain.name admin_server = dc3.fully.qualified.domain.name default_domain = FULLY.QUALIFIED.DOMAIN.NAME } [domain_realm].fully.qualified.domain.name = FULLY.QUALIFIED.DOMAIN.NAME fully.qualified.domain.name = FULLY.QUALIFIED.DOMAIN.NAME Kerberos can be tested by using the kinit command. See the krb5 man page for details.

10 Apache Configuration Modify httpd.conf Add the following inside the you wish to safeguard RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} AuthName "COS Enterprise Labs Organization" AuthType Kerberos Krb5Keytab /var/www/passwd/kerberos/auth_kerb.keytab KrbAuthRealm EXAMPLE.COM KrbMethodNegotiate off KrbSaveCredentials off KrbVerifyKDC off Require user user1@EXAMPLE.COM user2@EXAMPLE.COM... RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} AuthName "COS Enterprise Labs Organization" AuthType Kerberos Krb5Keytab /var/www/passwd/kerberos/auth_kerb.keytab KrbAuthRealm EXAMPLE.COM KrbMethodNegotiate off KrbSaveCredentials off KrbVerifyKDC off Require user user1@EXAMPLE.COM user2@EXAMPLE.COM... Restart the Apache daemon Restart the Apache daemon

11 Questions?

Download ppt "Active Directory® and Apache® Using Kerberos and Apache to Authenticate via Microsoft Active Directory."

Similar presentations

Web Hosting. The purpose of this Startup Guide is to familiarize you with Own Web Now's Web Hosting. Own Web Now offers two web hosting platforms, one.

Web Hosting. The purpose of this Startup Guide is to familiarize you with Own Web Now's Web Hosting. Own Web Now offers two web hosting platforms, one.
Dan Fleck.  WAMP – Windows Apache MySQL PHP -  LAMP – Linux Apache MySQL PHP ◦ There are.

Dan Fleck.  WAMP – Windows Apache MySQL PHP -  LAMP – Linux Apache MySQL PHP ◦ There are.
1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
What to expect.  Linux  Windows Server (2008 or 2012)

What to expect.  Linux  Windows Server (2008 or 2012)
The Apache Web Server  Started in April 1996 as an open source multiplatform web server (Windows, FreeBSD, UNIX, and Linux compatible).  Now the world’s.

The Apache Web Server  Started in April 1996 as an open source multiplatform web server (Windows, FreeBSD, UNIX, and Linux compatible).  Now the world’s.
Created by Brendan Ryan1 Apache Server A MySql Database A fully PhP Execution Easy PhP.

Created by Brendan Ryan1 Apache Server A MySql Database A fully PhP Execution Easy PhP.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Copyright © 2014 EMC Corporation. All Rights Reserved. Exporting NFS File Systems to UNIX/ESXi Upon completion of this module, you should be able to: Export.

Copyright © 2014 EMC Corporation. All Rights Reserved. Exporting NFS File Systems to UNIX/ESXi Upon completion of this module, you should be able to: Export.
Installing a New Windows Server 2008 Domain Controller in a New Windows Server 2008 R2.

Installing a New Windows Server 2008 Domain Controller in a New Windows Server 2008 R2.
SquirrelMail for Webmail AfNOG 2012 Scalable Internet Services (SS-E) Presented by Michuki Mwangi Serrekunda, Gambia (Original Materials by Joelja)

SquirrelMail for Webmail AfNOG 2012 Scalable Internet Services (SS-E) Presented by Michuki Mwangi Serrekunda, Gambia (Original Materials by Joelja)
APACHE SERVER By Innovationframes.com »

APACHE SERVER By Innovationframes.com »
Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.
SquirrelMail for Webmail AfNOG 2013 Scalable Internet Services (SS-E) Presented by Michuki Mwangi Lusaka, Zambia (Original Materials by Joelja)

SquirrelMail for Webmail AfNOG 2013 Scalable Internet Services (SS-E) Presented by Michuki Mwangi Lusaka, Zambia (Original Materials by Joelja)
Scott Grizzard

Scott Grizzard
SEEM4570: XAMPP, Eclipse, Summary of Html Kangfei Zhao Room 711,ERB

SEEM4570: XAMPP, Eclipse, Summary of Html Kangfei Zhao Room 711,ERB
Linux Operations and Administration

Linux Operations and Administration
By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.

By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.
Website Administration Information Systems 337 Prof. Harry Plantinga.

Website Administration Information Systems 337 Prof. Harry Plantinga.

Similar presentations

Ads by Google