Product SiteDocumentation Site

8.7. Using Trust with Kerberized Web Applications

Any existing web application can be configured to use Kerberos authentication, which references the trusted Active Directory and FreeIPA Kerberos realms.
For example, for an Apache server, set the KrbAuthRealms directive for the application location to the name of the FreeIPA domain and set the location for the keytab (Krb5Keytab). Also set other paramters to enable Kerberos authentication, the service name used for the keytab (HTTP), and the Kerberos methods (which enables password-based authentication for valid users).
<Location "/mywebapp">
   AuthType Kerberos
   AuthName "IPA Kerberos authentication"
   KrbMethodNegotiate on
   KrbMethodK5Passwd on
   KrbServiceName HTTP
   KrbAuthRealms IDM_DOMAIN
   Krb5Keytab /etc/httpd/conf/ipa.keytab
   KrbSaveCredentials off
   Require valid-user
The Kerberos configuration directives are covered in the mod_auth_kerb module man pages.
After changing the Apache application configuration, restart the Apache service:
[root@ipaserver ~]# service httpd restart