Apache using Kerberos to authenticate Windows AD domain users
http.conf:
```apache
<Location /var/www/html/sso>
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    KrbAuthRealms TEST.COM
    Krb5KeyTab /etc/httpd/conf/kerberos.keytab
    require valid-user
</Location>
```
kb5.conf:
```ini
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = TEST.COM

[realms]
TEST.COM = {
    default_domain = test.com
    kdc = 10.16.0.37:88
    admin_server = 10.16.0.37
}


[domain_realm]
test.com = TEST.COM
```
index.php
```php
<!DOCTYPE html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>SSO Test</title>
</head>
<body>
<?php
if (preg_match('/(?P<domain>\w+)\\\\(?P<username>\w+)/', $_SERVER['REMOTE_USER'], $m)) {
    $username = strtolower($m[username]);
    $domain = $m[domain];
} else {
    $username = $remote_user;
}
?>
<h1>Single Sign-On Test</h1>
<p>Welcome! You are logged in as <?=$username?> (from the
<?=$domain?> domain).</p>
</html>
```
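Accessing the page requires entering a username and password, but the domain name and username are not displayed correctly. Accessing it with IE on the Windows AD server gives the same result. I have spent ages on this without working out where the problem is. Could the experts please take a look?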
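As an added example (not part of the original post), one way to split `REMOTE_USER` in PHP that accepts both the `DOMAIN\user` form the posted regex expects and the `user@REALM` Kerberos principal form, and rejects any realm outside an allow-list. That the server reports the `user@REALM` form is an assumption, as are the names `parse_remote_user` and `ALLOWED_REALMS` and the short domain name `TEST`.

```php
<?php
// Added example, not the poster's code.
// TEST.COM comes from KrbAuthRealms on the page; 'TEST' is an assumed short (NetBIOS) name.
const ALLOWED_REALMS = ['TEST.COM', 'TEST'];

/**
 * Split an authenticated identity into username and domain.
 * Accepts "DOMAIN\user" and "user@REALM"; returns null for anything else,
 * including a bare name whose realm cannot be checked.
 */
function parse_remote_user(?string $remoteUser): ?array
{
    if ($remoteUser === null || $remoteUser === '') {
        return null; // the request was not authenticated
    }
    // Anchored patterns: the whole value must match, not just a substring.
    if (preg_match('/^(?P<domain>[\w.-]+)\\\\(?P<username>[\w.-]+)$/', $remoteUser, $m)
        || preg_match('/^(?P<username>[\w.-]+)@(?P<domain>[\w.-]+)$/', $remoteUser, $m)) {
        $domain = strtoupper($m['domain']);
        if (!in_array($domain, ALLOWED_REALMS, true)) {
            return null; // identity from a realm this application does not trust
        }
        return ['username' => strtolower($m['username']), 'domain' => $domain];
    }
    return null;
}

// In the page itself the input would be: $_SERVER['REMOTE_USER'] ?? null
// Constructed sample values, not captured from a real server.
$samples = ['alice@TEST.COM', 'TEST\\Alice', 'alice', 'bob@OTHER.EXAMPLE', ''];
foreach ($samples as $sample) {
    $id = parse_remote_user($sample);
    if ($id === null) {
        echo "rejected: '" . htmlspecialchars($sample) . "'\n";
        continue;
    }
    // Escape before output: the value originates outside the application.
    printf(
        "%s (from the %s domain)\n",
        htmlspecialchars($id['username']),
        htmlspecialchars($id['domain'])
    );
}
```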