You are not logged in.
Dear,
Anyone of you, knows or have tips to configure the SSO using KErberos +Apache on Centos?
Today i have the environment working fine the SSO but is using NTLM + Apache + Winbind (ldap).
Thanks if you can help me.
Best Regards.
Offline
Kinda off-topic but it's quite easy. First create a principal in ur KRB environment (HTTP / your url @ NSA GOV) - just correct the hostname and the KRB domain to match yours.
Then export the principal into a keytab, install mod_auth_kerb and configure it:
<IfModule !auth_kerb_module>
<Directory "/var/www/html/test/">
Require all denied
</Directory>
</IfModule>
<IfModule auth_kerb_module>
<Directory "/var/www/html/test/">
AuthType Kerberos
AuthName "Test Login"
Krb5Keytab /etc/krb5_apache.keytab
KrbAuthRealms NSA_GOV
Require valid-user
</Directory>
</IfModule>
Ensure krb5_apache.keytab is read-able by the Apache user (and nobody else). The above setup works with Apache 2.4 and has some kind of fallback in case the kerberos module isn't loaded / present in Apache.
Off topic: why oh why does this forum software report "Too more links in message. Allowed 2 links. Reduce number of links and post it again." when where's none ?
... tired of signatures
Offline
i'm used this article (sorry, but article in russian lang)
http://docs.ipi-manager.ru/Administrato … ry/Apache/
after this steps in GLPI
Setup/Authentication/Others/Other authentication sent in the HTTP request
Field storage of the login in the HTTP request: REMOTE_USER
Offline
i generate a keytab in my AD server
then i transfer it to my centos server
Then export the principal into a keytab, install mod_auth_kerb and configure it:
how can i export it?
when i try a kinit copy ....
i just have a prompt Kinit:
thank you in advance
Offline
Then export the principal into a keytab, install mod_auth_kerb and configure it:
"export" - mean:
start command "ktpass.exe" on Windows Server and coping result keytab-file to Linux
Offline
Kinda off-topic but it's quite easy. First create a principal in ur KRB environment (HTTP / your url @ NSA GOV) - just correct the hostname and the KRB domain to match yours.
Then export the principal into a keytab, install mod_auth_kerb and configure it:<IfModule !auth_kerb_module> <Directory "/var/www/html/test/"> Require all denied </Directory> </IfModule> <IfModule auth_kerb_module> <Directory "/var/www/html/test/"> AuthType Kerberos AuthName "Test Login" Krb5Keytab /etc/krb5_apache.keytab KrbAuthRealms NSA_GOV Require valid-user </Directory> </IfModule>
Ensure krb5_apache.keytab is read-able by the Apache user (and nobody else). The above setup works with Apache 2.4 and has some kind of fallback in case the kerberos module isn't loaded / present in Apache.
Off topic: why oh why does this forum software report "Too more links in message. Allowed 2 links. Reduce number of links and post it again." when where's none ?
Hi, I trying to apply this procedure on GLPI verison 9.3.2 and is not working. I created one site of WordPress for test the Kerberos and is working fine. Someone knows if there is another adjust to configure SSO in the GLPI Version 9.3.2?
Thanks in advance for your help.
Willian Rocha
Offline
Hi Everyone! Someone had the same problem to enable the SSO + Kerberos + Ldap in version 9.4.4? If could share some tips i wll appreciate a lot. Best regards.
Offline