Authentication | Users | Password |
---|---|---|
✔ | | |

Kerberos is a network authentication protocol used for authenticating users based on their desktop session.
LL::NG uses the GSSAPI module to validate the Kerberos ticket against a local keytab.

In the Manager, go to General Parameters > Authentication modules and choose Kerberos for authentication. Then go to “Kerberos parameters” and configure the following parameters:

Attention
RewriteCond %{HTTP:Authorization}
followed by
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
)

The Kerberos configuration is quite complex. You can find some configuration tips on this page.

If you want the web server's Kerberos module to validate the Kerberos ticket, set the corresponding option to “enabled” and configure the portal virtual host to invoke the module when the “kerberos” GET parameter is present in the request.

Example with Apache and mod_auth_kerb:
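```apache
# Run mod_auth_kerb only when the request carries the "kerberos" GET parameter
<If "%{QUERY_STRING} =~ /kerberos=/">
  <IfModule auth_kerb_module>
    AuthType Kerberos
    # Accept Negotiate (SPNEGO) tickets only; no password fallback
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    KrbAuthRealms EXAMPLE.COM
    # Keytab holding the service key(s); keep it readable only by the web server user
    Krb5KeyTab /etc/lemonldap-ng/auth.keytab
    KrbVerifyKDC On
    # "Any" accepts any service principal present in the keytab
    KrbServiceName Any
    require valid-user
  </IfModule>
</If>
```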
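
Whichever component validates the ticket, a keytab can only verify a Kerberos token, so when troubleshooting it helps to check what the browser actually put in the `Authorization: Negotiate` header (Kerberos, or an NTLM fallback). The following is an added diagnostic example, not LL::NG or mod_auth_kerb code; `negotiate_mechanism` and `sample_header` are hypothetical names, and the sample tokens are constructed and carry no real ticket.

```python
import base64

# DER contents of the mechanism OIDs a browser may offer.
SPNEGO = bytes.fromhex("2b0601050502")            # 1.3.6.1.5.5.2
KRB5 = (bytes.fromhex("2a864886f712010202"),      # 1.2.840.113554.1.2.2
        bytes.fromhex("2a864882f712010202"))      # 1.2.840.48018.1.2.2 (Microsoft)
NTLM = bytes.fromhex("2b06010401823702020a")      # 1.3.6.1.4.1.311.2.2.10

def _read_tlv(buf, pos, expected_tag):
    """Parse the DER TLV at pos, check its tag; return (value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                             # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if tag != expected_tag or pos + length > len(buf):
        raise ValueError("unexpected or truncated DER element")
    return pos, pos + length

def negotiate_mechanism(header_value):
    """Classify an Authorization header value: kerberos, ntlm, other or invalid."""
    scheme, _, b64 = header_value.strip().partition(" ")
    try:
        token = base64.b64decode(b64.strip(), validate=True)
        if scheme.lower() != "negotiate" or not token:
            return "invalid"
        if token.startswith(b"NTLMSSP\x00"):      # raw NTLM, no GSS-API framing
            return "ntlm"
        # GSS-API initial token: [APPLICATION 0] { thisMech OID, inner token }
        pos, _ = _read_tlv(token, 0, 0x60)
        pos, end = _read_tlv(token, pos, 0x06)
        if token[pos:end] == SPNEGO:
            # NegTokenInit: [0] SEQUENCE { [0] SEQUENCE OF OID mechTypes, ... }
            pos = end
            for tag in (0xA0, 0x30, 0xA0, 0x30, 0x06):
                pos, end = _read_tlv(token, pos, tag)
        mech = token[pos:end]                     # for SPNEGO: first, preferred mechType
    except (IndexError, ValueError):
        return "invalid"
    if mech in KRB5:
        return "kerberos"
    return "ntlm" if mech == NTLM else "other"

def sample_header(oids):
    """Constructed SPNEGO NegTokenInit offering `oids`; carries no real ticket."""
    body = b"".join(bytes([0x06, len(o)]) + o for o in oids)
    for tag in (0x30, 0xA0, 0x30, 0xA0):
        body = bytes([tag, len(body)]) + body
    body = bytes([0x06, len(SPNEGO)]) + SPNEGO + body
    return "Negotiate " + base64.b64encode(bytes([0x60, len(body)]) + body).decode()
```

A result of `ntlm` for a user who should get SSO means the client never obtained a service ticket for the portal, so the problem is on the client or KDC side rather than in the keytab.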