Authentication | Users | Password |
---|---|---|
✔ |
Kerberos is a network authentication protocol used to authenticate users based on their desktop session.
LL::NG uses GSSAPI module to validate Kerberos ticket against a local keytab.
In Manager, go in General Parameters
> Authentication modules
and choose Kerberos for authentication. Then go to “Kerberos parameters” and configure the following parameters:
The Kerberos configuration is quite complex. You can find some configuration tips on this page.
If you want to let Web Server Kerberos module validates the Kerberos ticket, set the according option to “enabled” and configure the portal virtual host to launch the module if “kerberos” GET parameter is in the request.
Example with Apache and mod_auth_kerb:
<If "%{QUERY_STRING} =~ /kerberos=/"> <IfModule auth_kerb_module> AuthType Kerberos KrbMethodNegotiate On KrbMethodK5Passwd Off KrbAuthRealms EXAMPLE.COM Krb5KeyTab /etc/lemonldap-ng/auth.keytab KrbVerifyKDC On KrbServiceName Any require valid-user </IfModule> </If>