mod_auth_kerb deprecate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

We are planning to configure Kerberos with Apache HTTPD Server 2.4.37 installed on RHEL 8.5. As per RHEL, mod_auth_kerb module has been deprecated and has been replaced by mod_auth_gssapi. We have Virtual host configuration of Kerberos(from old setup) but don't know what will be the equivalent settings to do with gssapi module.

 LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
 LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
 LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
 LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
 LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so
 LoadModule auth_kerb_module /usr/lib/apache2/modules/mod_auth_kerb.so
 
 <VirtualHost *:10080>
     <Proxy *>
         Order deny,allow
         Allow from all
     </Proxy>
     ProxyRequests     Off
     ProxyPreserveHost On
     ProxyPass / ajp://localhost:8009/
     ProxyPassReverse / ajp://localhost:8009/
     ServerName mywebserver.intdomain.local
     <Location />
                 Order allow,deny
                 Allow from all
                 AuthType Kerberos
                 KrbServiceName HTTP/mywebserver.intdomain.local@INTDOMAIN.LOCAL
                 AuthName "Domain login"
                 KrbAuthRealms INTDOMAIN.LOCAL
                 Krb5KeyTab /etc/apache2/kerberos.keytab
                 require valid-user
                 KrbMethodNegotiate  On
                 KrbMethodK5Passwd   Off
                 #KrbLocalUserMapping On
 
                 # Below directives put logon name of authenticated user into http header X-User-Global-ID
                 RequestHeader unset X-User-Global-ID
                 RewriteEngine On
                 RewriteCond   %{LA-U:REMOTE_USER} (.+)
                 RewriteRule   /.* - [E=RU:%1,L,NS]
                 RequestHeader set X-User-Global-ID %{RU}e
 
                 # Remove domain suffix to get the simple logon name
                 # RequestHeader edit X-User-Global-ID "@INTDOMAIN.LOCAL$" ""
 
     </Location>
 </VirtualHost>
 Listen 10080

Cheers
-Vicky

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux