RE: mod_auth_kerb deprecate

[Sierra Padilla <sierra.padilla@xxxxxxxxxxxxxx>]

Hi,

Just checking, are you interested acquiring the list of attendees? Please respond my email. I'm waiting for your response.

We are discussing about Prices And, provide the discount cost.

Thank you.

 

 

From: vicky chb <vkychb04@xxxxxxxxx>
Sent: Tuesday, December 6, 2022 4:25 PM
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] mod_auth_kerb deprecate

 

Hi all,

 

We are planning to configure Kerberos with Apache HTTPD Server 2.4.37 installed on RHEL 8.5. As per RHEL, mod_auth_kerb module has been deprecated and has been replaced by mod_auth_gssapi. We have Virtual host configuration of Kerberos(from old setup) but don't know what will be the equivalent settings to do with gssapi module.

 

 LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so

 LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

 LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so

 LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so

 LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so

 LoadModule auth_kerb_module /usr/lib/apache2/modules/mod_auth_kerb.so

 

 <VirtualHost *:10080>

     <Proxy *>

         Order deny,allow

         Allow from all

     </Proxy>

     ProxyRequests     Off

     ProxyPreserveHost On

     ProxyPass / ajp://localhost:8009/

     ProxyPassReverse / ajp://localhost:8009/

     ServerName mywebserver.intdomain.local

     <Location />

                 Order allow,deny

                 Allow from all

                 AuthType Kerberos

                 KrbServiceName HTTP/mywebserver.intdomain.local@INTDOMAIN.LOCAL

                 AuthName "Domain login"

                 KrbAuthRealms INTDOMAIN.LOCAL

                 Krb5KeyTab /etc/apache2/kerberos.keytab

                 require valid-user

                 KrbMethodNegotiate  On

                 KrbMethodK5Passwd   Off

                 #KrbLocalUserMapping On

 

                 # Below directives put logon name of authenticated user into http header X-User-Global-ID

                 RequestHeader unset X-User-Global-ID

                 RewriteEngine On

                 RewriteCond   %{LA-U:REMOTE_USER} (.+)

                 RewriteRule   /.* - [E=RU:%1,L,NS]

                 RequestHeader set X-User-Global-ID %{RU}e

 

                 # Remove domain suffix to get the simple logon name

                 # RequestHeader edit X-User-Global-ID "@INTDOMAIN.LOCAL$" ""

 

     </Location>

 </VirtualHost>

 Listen 10080

 

Cheers

-Vicky