Apache Kerberos Authentication

From Michael's Information Zone
Revision as of 10:34, 12 September 2018 by Michael.mast (talk | contribs)
Jump to navigation Jump to search

Purpose

To allow users to authenticate using seamless SSO via kerberos.[1]

MultiRealm Authentication

In this case I want to authenticate more than one realm (two domains). After following the common instructions online I was unable to log in using the second realm. The first realm logged in without issue.

NOTE 1 : This is a messy post as I have worked on this for several days and am trying to record what I did before I forget.
NOTE 2 : I am not sure if all of this is necessary, but I wanted to track everything I did regardless

Environment

  • Domains

Domain1.tld
Domain2.tld

  • web server

intranet.tld

krb5.conf

The server I am using was enrolled in domain1 using sssd and the "realm join" command many a year ago. We will be editing the krb5.conf file that was created during this process.
  1. https://www.netiq.com/communities/cool-solutions/kerberos-authentication-against-multiple-domains
Retrieved from "https://wiki.1701technology.com/index.php?title=Apache_Kerberos_Authentication&oldid=921"