0

We have an apache web server installed on a Centos 8 machine which is been used to easily expose user and group folders both internally and to other collaborators.

Most of the data exposed is plain HTML files, png, etc... in specific folders in the users home directories.

Now, I would like to restrict the access to some areas (folders, files...) just to our users (ideally fine grained by-group selection would be great). We use FreeIPA for authentication and I haven't found an easy way to do that.

Lots of places talk about using .htaccess and generating users and passwords for each of the users concerned. This would be decoupled from password changes in FreeIPA and add an extra complicated password synchronization (dump to file) process.

I am far from an expert in web servers, so I am surely missing things. Solutions or hints are welcome.

GoNiS
  • 23
  • 4

1 Answers1

1

FreeIPA uses Kerberos authentication, so it looks like you need to use mod_auth_kerb in Apache. It's available in Centos in the mod_auth_kerb package. The Centos wiki has a tutorial.

Andrew Schulman
  • 8,561
  • 21
  • 31
  • 47
  • Thanks for your answer, Andrew! However the solution seem to be valid for CentOS 7 (or earlier). In CentOS 8, mod_auth_kerb has been replaced with mod_auth_gssapi. Besides I don't see (probably my lack of knowledge) how a user can use this to protect a particular folder in his/her area. – GoNiS Jan 23 '21 at 22:51