33
edits
Changes
From Pumping Station One
Systems/Services/Kerberos (view source)
Revision as of 22:20, 13 September 2020
, 22:20, 13 September 2020no edit summary
{{mbox |type=warning |text=This information is out of date. [[IT Infrastructure|Up-to-date IT information can be found here]] }}
= Kerberos =
= Kerberos =
ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG
ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG
.ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG
.ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG
</pre>
== Apache SSO ==
Note: Replace 'rack' with host name of server.
Setting up the keytab:
<pre>
msktutil -u -s HTTP --server bob
cp /etc/krb5.keytab /usr/local/etc/apache24/krb5.keytab
ktutil -k /usr/local/etc/apache24/krb5.keytab remove -p rack\$
ktutil -k /usr/local/etc/apache24/krb5.keytab remove -p host/rack.ad.pumpingstationone.org
chown www /usr/local/etc/apache24/krb5.keytab
</pre>
Configure Auth:
<pre>
<Location />
Authtype Kerberos
AuthName "AD.PUMPINGSTATIONONE.ORG"
KrbAuthoritative on
KrbServiceName HTTP/rack.ad.pumpingstationone.org
Krb5Keytab /usr/local/etc/apache24/krb5.keytab
KrbAuthRealms AD.PUMPINGSTATIONONE.ORG
KrbMethodk5Passwd on
KrbMethodNegotiate on
Require valid-user
</Location>
</pre>
== SSH SSO ==
To enable kerberos SSO for your SSH client add the following lines to ~/.ssh/config
<pre>
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
PreferredAuthentications gssapi-with-mic,publickey,keyboard-interactive,password
</pre>
</pre>
