Kerberos Installation Guide
Step 1 – Pre-requisites
Kerberos Apache Module
The time on AD and the Apache server must be the same
Step 2 – Keytab File
To use Kerberos authentication in Apache httpd, we need a service principal entry in the keytab file on the machine running Apache httpd. All descriptions here use the global keytab file, /etc/krb5.keytab.
A keytab file needs to be created because each kerberized Apache server needs an AD account to authenticate against the domain. The ktpass command is used on the Windows system to map the AD user to the HTTP service and then create the corresponding keytab file, which is what we need for the CentOS Linux web server configuration.
Before this, the Kerberos client must be installed on the Apache server with a valid krb5.conf file.
Steps for Keytab File
1. Create a service principal for httpd on the KDC
2. Create a user account for every Apache server
3. Create a keytab file for the service principal, for every user account (Step 2)
We need to repeat these steps for every Apache server.
4. Move the keytab file to the Linux machine and copy its contents into /etc/krb5.keytab
5. Verify using the kinit and klist commands.
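One way to script the verification in step 5, as an added example that is not part of the original guide. The host web01.example.com, the realm EXAMPLE.COM and the sample listing are constructed placeholders; exit code 2 flags an entry that differs from the expected principal only in letter case, since principal names are matched case-sensitively.

```sh
#!/bin/sh
# Added example, not part of the original guide. web01.example.com,
# EXAMPLE.COM and the sample listing are constructed placeholder values.
KEYTAB=/etc/krb5.keytab   # global keytab the guide uses

# Reads plain `klist -k` output on stdin and looks for HTTP/<fqdn>@<REALM>.
# Returns 0 on an exact match, 2 when an entry differs only in letter case
# (principal names are compared case-sensitively), 1 when it is absent.
has_http_principal() {
    awk -v want="HTTP/$1@$2" '
        $1 ~ /^[0-9]+$/ && $2 == want                   { exact = 1 }
        $1 ~ /^[0-9]+$/ && tolower($2) == tolower(want) { near = 1 }
        END { exit (exact ? 0 : (near ? 2 : 1)) }'
}

# Step 5 against the real keytab: list it, then request a ticket with the
# stored key and show the resulting credential cache.
verify_live() {
    klist -k "$KEYTAB" | has_http_principal "$1" "$2" || return $?
    kinit -k -t "$KEYTAB" "HTTP/$1@$2" && klist
}

# Constructed `klist -k` listing for the offline demo below.
sample_listing() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 HTTP/web01.example.com@EXAMPLE.COM
   2 http/web02.example.com@EXAMPLE.COM
EOF
}

if [ $# -eq 2 ]; then
    verify_live "$1" "$2"          # e.g. ./check.sh web01.example.com EXAMPLE.COM
else
    sample_listing | has_http_principal web01.example.com EXAMPLE.COM &&
        echo "sample keytab listing contains the HTTP principal"
fi
```

Run the live check as a user that can read the keytab; kinit replaces that user's default credential cache.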
Step 3 – Apache Config
Add the following to httpd.conf
The Apache configuration depends on your requirements and environment.