Apache Authentication Architecture
The PowerBroker Apache Authentication architecture extends Integrated Windows Authentication to the Apache web server running on a Linux or Unix system. The authentication is implemented in a dynamically loaded Apache module: mod_auth_kerb_centeris. This module is based on a BSD licensed Apache module called mod_auth_kerb, but includes modifications so that it works with PowerBroker. An additional module — mod_auth_sys_group — is used to provide authorization limiting access to the web site to the domain users or groups that you specify. The mod_auth_kerb_centeris module implements the SPNEGO, Kerberos, and Basic Authentication protocols. In doing so, it provides the majority of the Integrated Windows Authentication functionality, with the exception of the NTLMSSP protocol. The module uses the SPNEGO protocol to negotiate whether Kerberos or Basic Authentication is used.
- Overview of Setup Process
- Confirm that your components meet the requirements.
- Install the
mod_auth_kerb_centeris and mod_auth_pam Apache authentication modules.
- Configure the main Apache server or Virtual Host to use SSL (optional).
- Generate a Kerberos keytab file for the Apache server.
- Configure the
mod_auth_kerb_centeris.so and mod_auth_sys_group.so modules.