Answer the question
In order to leave comments, you need to log in
Transparent authorization on the site, only by Log+Pass but not without Log+Pass?
There was a need to make authorization on the internal website of the company without entering a login and password. Apache2.4+Ubuntu 16.04 has been brought into the domain. Installed kerboros module for Apache. Everything seems to be working, when going to the address of the corporate site, it asks for a Login and Password (several different users from AD with different groups of rights were entered) and the entrance to the site is successful. But if you turn off the login and password request, then there are only 401 errors on the page.
Kerberos:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = LOCAL.DOMAIN.RU
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
default_keytab_name = /etc/krb5.keytab
[realms]
LOCAL.DOMAIN.RU = {
kdc = name.local.domain.ru:88
kdc = name.local.domain.ru:88
admin_server = name.local.domain.ru:749
default_domain = local.domain.ru
}
[domain_realm]
.local.domain.ru = LOCAL.DOMAIN.RU
local.domain.ru = LOCAL.DOMAIN.RU
[appdefaults]
pam = {
debug = false
tisket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
AuthType Kerberos
AuthName "Kerberos Login"
KrbAuthRealms LOCAL.DOMAIN.RU
KrbServiceName HTTP/[email protected]
Krb5Keytab /etc/krb5.keytab
KrbMethodNegotiate On
KrbSaveCredentials On
KrbMethodK5Passwd Off
KrbLocalUserMapping On
KrbVerifyKDC Off
Require valid-user
[Wed Dec 21 15:54:28.289060 2016] [authz_core:debug] [pid 14524] mod_authz_core.c(809): [client 127.0.0.1:54494] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://*********.dev/
[Wed Dec 21 15:54:28.289146 2016] [authz_core:debug] [pid 14524] mod_authz_core.c(809): [client 127.0.0.1:54494] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://*********.dev/
[Wed Dec 21 15:54:28.289157 2016] [auth_kerb:debug] [pid 14524] src/mod_auth_kerb.c(1971): [client 127.0.0.1:54494] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos, referer: http://********.dev/
[Wed Dec 21 15:54:28.632077 2016] [authz_core:debug] [pid 14524] mod_authz_core.c(809): [client 127.0.0.1:54494] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://********.dev/sprav
[Wed Dec 21 15:54:28.632119 2016] [authz_core:debug] [pid 14524] mod_authz_core.c(809): [client 127.0.0.1:54494] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://**********.dev/sprav
[Wed Dec 21 15:54:28.632134 2016] [auth_kerb:debug] [pid 14524] src/mod_auth_kerb.c(1971): [client 127.0.0.1:54494] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos, referer: http://*********.dev/sprav
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question