Difference between revisions of "Apache Kerberos Authentication"
Michael.mast (talk | contribs) (Created page with "<ref>https://www.netiq.com/communities/cool-solutions/kerberos-authentication-against-multiple-domains</ref>") |
Michael.mast (talk | contribs) |
||
| Line 1: | Line 1: | ||
| − | <ref>https://www.netiq.com/communities/cool-solutions/kerberos-authentication-against-multiple-domains</ref> | + | ==Purpose== |
| + | To allow users to authenticate using seamless SSO via kerberos.<ref>https://www.netiq.com/communities/cool-solutions/kerberos-authentication-against-multiple-domains</ref> | ||
| + | ==MultiRealm Authentication== | ||
| + | In this case I want to authenticate more than one realm (two domains). After following the common instructions online I was unable to log in using the second realm. The first realm logged in without issue. | ||
| + | <br> | ||
| + | <br> | ||
| + | NOTE 1 : This is a messy post as I have worked on this for several days and am trying to record what I did before I forget. | ||
| + | <br> | ||
| + | NOTE 2 : I am not sure if all of this is necessary, but I wanted to track everything I did regardless | ||
| + | <br> | ||
| + | <br> | ||
| + | ===Environment=== | ||
| + | *Domains | ||
| + | Domain1.tld<br> | ||
| + | Domain2.tld<br> | ||
| + | *web server | ||
| + | intranet.tld | ||
| + | ===krb5.conf=== | ||
| + | The server I am using was enrolled in domain1 using sssd and the "realm join" command many a year ago. We will be editing the krb5.conf file that was created during this process. | ||
| + | <pre> | ||
| + | |||
| + | </pre> | ||
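Review bot: the new krb5.conf section ends on an empty <pre></pre> block, so the sentence "We will be editing the krb5.conf file that was created during this process" is followed by no configuration at all. Either record the edits made for Domain1.tld and Domain2.tld inside the block or leave the block out until they are written up. Under Environment, the hostnames follow the "*Domains" and "*web server" bullets as plain lines with <br>; writing them as "**" sub-items would keep them inside the list.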
Revision as of 10:34, 12 September 2018
Purpose
To allow users to authenticate using seamless SSO via Kerberos.[1]
MultiRealm Authentication
In this case I want to authenticate more than one realm (two domains). After following the common instructions online I was unable to log in using the second realm. The first realm logged in without issue.
NOTE 1: This is a messy post as I have worked on this for several days and am trying to record what I did before I forget.
NOTE 2: I am not sure if all of this is necessary, but I wanted to track everything I did regardless.
Environment
- Domains
Domain1.tld
Domain2.tld
- web server
intranet.tld
krb5.conf
The server I am using was enrolled in domain1 using sssd and the "realm join" command many a year ago. We will be editing the krb5.conf file that was created during this process.