
I've successfully implemented SSO with Kerberos on an Apache webserver. Whenever a user opens the webpage, he is prompted to enter his credentials (username@REALM & password). Is there a possibility to log him in directly, without the login prompt?


Here is my configuration and the steps I have taken:

Server: web3.ch.example.net

Site: http://dev.example.net

Client OS: Windows 10

Server OS : Ubuntu 18.04 LTS

krb5.conf:

    [libdefaults]
        default_realm = CH.EXAMPLE.NET

    [realms]
        CH.EXAMPLE.NET = {
            kdc = DC.CH.EXAMPLE.NET
            admin_server = DC.CH.EXAMPLE.NET
        }

    [domain_realm]
        .ch.example.net = CH.EXAMPLE.NET
        ch.example.net = CH.EXAMPLE.NET

Apache site.conf:

        <Location />
                AuthType Kerberos
                AuthName "Kerberos authenticated intranet"
                KrbAuthRealms CH.EXAMPLE.NET
                KrbServiceName Any
                Krb5Keytab /etc/kerberos.keytab
                KrbMethodNegotiate On
                KrbMethodK5Passwd On
                require valid-user
        </Location>

After that, I added dev.example.com to "local Intranet Sites" and set the setting for this zone to "automatic logon with current username and password"

  • The user is connected to his workstation with the credentials that should be supplied to the website? – arieljannai Jun 06 '18 at 11:44
  • Yes, the user is logged in with his domain account on the workstation and the same account should be used on the website – Jonas Hüsser Jun 06 '18 at 11:56
  • I won't be a lot of help, cause it's been a few years from my last play with apache+kerberos - but it's absolutely possible, I did it many times. – arieljannai Jun 06 '18 at 11:58
