Authentification | Utilisateurs | Mot-de-passe |
---|---|---|
✔ |
Kerberos is a network authentication protocol used to authenticate users based on their desktop session.
LL::NG uses GSSAPI module to validate Kerberos ticket against a local keytab.
In Manager, go in General Parameters
> Authentication modules
and choose Kerberos for authentication. Then go to “Kerberos parameters” and configure the following parameters:
La configuration Kerberos est assez complexe. On peut trouver quelques éléments de configuration dans cette page.
If you want to let Web Server Kerberos module validates the Kerberos ticket, set the according option to “enabled” and configure the portal virtual host to launch the module if “kerberos” GET parameter is in the request.
Example with Apache and mod_auth_kerb:
<If "%{QUERY_STRING} =~ /kerberos=/"> <IfModule auth_kerb_module> AuthType Kerberos KrbMethodNegotiate On KrbMethodK5Passwd Off KrbAuthRealms EXAMPLE.COM Krb5KeyTab /etc/lemonldap-ng/auth.keytab KrbVerifyKDC On KrbServiceName Any require valid-user </IfModule> </If>