Hi all, We are planning to configure Kerberos with Apache HTTPD Server 2.4.37 installed on RHEL 8.5. As per RHEL, mod_auth_kerb module has been deprecated and has been replaced by mod_auth_gssapi. We have Virtual host configuration of Kerberos(from old setup) but don't know what will be the equivalent settings to do with gssapi module.
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so LoadModule auth_kerb_module /usr/lib/apache2/modules/mod_auth_kerb.so <VirtualHost *:10080> <Proxy *> Order deny,allow Allow from all </Proxy> ProxyRequests Off ProxyPreserveHost On ProxyPass / ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ ServerName mywebserver.intdomain.local <Location /> Order allow,deny Allow from all AuthType Kerberos KrbServiceName HTTP/mywebserver.intdomain.local@INTDOMAIN.LOCAL AuthName "Domain login" KrbAuthRealms INTDOMAIN.LOCAL Krb5KeyTab /etc/apache2/kerberos.keytab require valid-user KrbMethodNegotiate On KrbMethodK5Passwd Off #KrbLocalUserMapping On # Below directives put logon name of authenticated user into http header X-User-Global-ID RequestHeader unset X-User-Global-ID RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule /.* - [E=RU:%1,L,NS] RequestHeader set X-User-Global-ID %{RU}e # Remove domain suffix to get the simple logon name # RequestHeader edit X-User-Global-ID "@INTDOMAIN.LOCAL$" "" </Location> </VirtualHost> Listen 10080 Cheers -Vicky