Hi all,

We are planning to configure Kerberos authentication on Apache HTTPD Server
2.4.37 installed on RHEL 8.5. According to RHEL, the mod_auth_kerb module has
been deprecated and replaced by mod_auth_gssapi. We have the virtual host
configuration for Kerberos from the old setup (below), but we don't know what
the equivalent settings are for the gssapi module.

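 # Old mod_auth_kerb reverse-proxy setup, kept as posted except that directives
 # and comments split by e-mail line wrapping are rejoined (a wrapped
 # continuation line would be read as a separate, invalid directive).
 #
 # NOTE(review): the module paths look like the old host's layout; adjust them
 # for the RHEL 8 httpd package - TODO confirm.
 LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
 LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
 LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
 LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
 LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so
 # With mod_auth_gssapi this line becomes (path to be confirmed on the target):
 #   LoadModule auth_gssapi_module modules/mod_auth_gssapi.so
 LoadModule auth_kerb_module /usr/lib/apache2/modules/mod_auth_kerb.so

 <VirtualHost *:10080>
     # NOTE(review): Order/Allow is httpd 2.2 syntax; on 2.4 it only works
     # through mod_access_compat. The native 2.4 form is "Require all granted".
     <Proxy *>
         Order deny,allow
         Allow from all
     </Proxy>
     # ProxyRequests Off keeps this a reverse proxy only (no forward proxying).
     ProxyRequests     Off
     ProxyPreserveHost On
     # Everything is handed to the AJP connector on the same host. The backend
     # trusts the identity header set below, so that connector should stay
     # reachable only from this proxy (loopback, as configured here).
     ProxyPass / ajp://localhost:8009/
     ProxyPassReverse / ajp://localhost:8009/
     ServerName mywebserver.intdomain.local
     <Location />
         # NOTE(review): 2.2-style access control mixed with "require";
         # the 2.4 documentation discourages mixing the two styles.
         Order allow,deny
         Allow from all

         # mod_auth_gssapi equivalent: AuthType GSSAPI
         AuthType Kerberos
         # NOTE(review): no one-to-one directive for KrbServiceName and
         # KrbAuthRealms is known to the reviewer; mod_auth_gssapi accepts for
         # the principals present in the keytab. Verify against the module's
         # README (see GssapiAcceptorName).
         KrbServiceName HTTP/mywebserver.intdomain.local@INTDOMAIN.LOCAL
         AuthName "Domain login"
         KrbAuthRealms INTDOMAIN.LOCAL
         # mod_auth_gssapi equivalent:
         #   GssapiCredStore keytab:/etc/apache2/kerberos.keytab
         # The keytab holds the service's long-term key: keep it readable by
         # the httpd service account only.
         Krb5KeyTab /etc/apache2/kerberos.keytab
         require valid-user
         # mod_auth_gssapi always offers Negotiate; there is no switch for it.
         KrbMethodNegotiate  On
         # Password (Basic) fallback is disabled. Keep it off: this listener is
         # plain HTTP, so a Basic fallback would send passwords in clear text.
         # mod_auth_gssapi equivalent: GssapiBasicAuth Off (its default).
         KrbMethodK5Passwd   Off
         # mod_auth_gssapi equivalent of the mapping below: GssapiLocalName On
         #KrbLocalUserMapping On

         # Below directives put logon name of authenticated user into http header X-User-Global-ID
         # The unset comes first so that a value supplied by the client is
         # discarded and cannot be passed on to the backend as an identity.
         RequestHeader unset X-User-Global-ID
         RewriteEngine On
         # LA-U: look-ahead sub-request, needed because REMOTE_USER is not yet
         # set when mod_rewrite evaluates this condition.
         RewriteCond   %{LA-U:REMOTE_USER} (.+)
         RewriteRule   /.* - [E=RU:%1,L,NS]
         RequestHeader set X-User-Global-ID %{RU}e

         # Remove domain suffix to get the simple logon name
         # RequestHeader edit X-User-Global-ID "@INTDOMAIN.LOCAL$" ""

     </Location>
 </VirtualHost>
 # NOTE(review): no TLS is configured for this port in the posted config.
 # Kerberos authenticates the request but does not protect the connection;
 # mod_auth_gssapi offers GssapiSSLonly to refuse authentication without TLS.
 Listen 10080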

Cheers
-Vicky
