Hello,
I am trying to understand the architecture for Apache Kerberos:
1. I have a commercial J2EE web application (JIRA) running on Tomcat (https://app1.mycomp.com:7100/JIRA). JIRA allows Kerberos authentication.
3. We are using MS AD
4. I know I need to create a service principal for the Apache server and a keytab file, then configure httpd.conf, etc.
QUESTION #1: Once I have the above in place, how does this all work in terms of user function?
For instance:
B) The credentials of the user on the Windows client workstation are passed to the Apache server for validation against AD, which then results in a ticket sent back to the client workstation browser.
C) The ticket is then sent by the browser to the JIRA application (https://app1.mycomp.com:7100/JIRA), which validates the ticket and allows the user in?
QUESTION #2
A) What would the Apache config look like given the above scenario?
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/mypubliccert.pem
    SSLCertificateKeyFile /etc/pki/tls/private/privatekey.pem
    ProxyPreserveHost On
    ProxyRequests Off
    ServerName app1.mycomp.com
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    SSLProxyEngine On
    <Location />
        AuthType Kerberos
        AuthName "Jira Kerberos Auth"
        KrbMethodNegotiate On
        KrbMethodK5Passwd On
        KrbAuthRealms MYREALM
        Krb5KeyTab /etc/httpd/httpd.keytab
        KrbLocalUserMapping On
        require valid-user
        RequestHeader set X-Forwarded-User %{REMOTE_USER}s
    </Location>
</VirtualHost>
Thank you for ANY and ALL help!!
Ed