Kerberos Based SSO and Apache

Roeland Kuipers — Tue, 30 Jun 2009 09:51:33 +0000

Similar as OpenSSH Authentication Using Kerberos, but now Transparent Kerberos Authentication via Apache against Active Directory using mod_auth_kerb. This enables SSO from IE and Firefox on Apache, IE and Firefox configurations to enable this are also described in the document.

Abstract: The Apache authentication module mod_auth_kerb allows Apache to authenticate users against a Kerberos KDC including one from ActiveDirectory. Kerberos itself can be fairly complex to set up. This guide will attempt to show the specific steps required to make this possible as well as discuss security limitations specific to the interoperability matters. This guide assumes a basic understanding of Kerberos V and that the Active Directory domain controller is properly configured prior to starting this process.

Technical Analysis: Apache with mod_auth_kerb and Windows Server

OpenSSH Authentication using Kerberos

Roeland Kuipers — Tue, 30 Jun 2009 09:07:09 +0000

An interesting paper on how to authenticate against Active Directory using Kerberos and OpenSSH. This will enable SSO capabilities between Linux and windows, if used in combination with an Kerberos enabled SSH. And maybe even 2-factor authentication if combined with smartcards, haven’t tested this but should be working in theory if you use an SSH client from windows at least.

Components used:

On linux:

openssh
openssh-server
samba-common
samba-client
krb5-workstation
krb5-libs

On Windows:

Windows Support Tools

OpenSSH on Linux using Windows/Kerberos for Authentication

Putty With Kerberos

Cupfighter.net » Interoperability

Kerberos Based SSO and Apache

OpenSSH Authentication using Kerberos