Systems/Services/Kerberos: Difference between revisions
From Pumping Station One
Amishhammer (talk | contribs) |
No edit summary |
||
| (3 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
{{mbox |type=warning |text=This information is out of date. [[IT Infrastructure|Up-to-date IT information can be found here]] }} | |||
= Kerberos = | = Kerberos = | ||
| Line 39: | Line 41: | ||
== Apache SSO == | == Apache SSO == | ||
Note: Replace 'rack' with host name of server. | |||
Setting up the keytab: | Setting up the keytab: | ||
| Line 51: | Line 55: | ||
Configure Auth: | Configure Auth: | ||
<pre> | <pre> | ||
<Location /> | |||
Authtype Kerberos | Authtype Kerberos | ||
AuthName "AD.PUMPINGSTATIONONE.ORG" | AuthName "AD.PUMPINGSTATIONONE.ORG" | ||
| Line 60: | Line 65: | ||
KrbMethodNegotiate on | KrbMethodNegotiate on | ||
Require valid-user | Require valid-user | ||
</Location> | |||
</pre> | |||
== SSH SSO == | |||
To enable kerberos SSO for your SSH client add the following lines to ~/.ssh/config | |||
<pre> | |||
GSSAPIAuthentication yes | |||
GSSAPIDelegateCredentials yes | |||
PreferredAuthentications gssapi-with-mic,publickey,keyboard-interactive,password | |||
</pre> | </pre> | ||
