Finish installing mod_auth_kerb according to the instructions on the Kerberos Module for Apache website. Using.htaccess files or Directory or Location directives in your httpd.conf file, enable Kerberos authentication for the appropriate portions of your site. Jump to Install the mod_auth_kerb authentication module - As noted above, Apache does not itself. Apt-get install libapache2-mod-auth-kerb.
Within an intranet system on Solaris we currently use perls module to authenticate with a Win 2k3 doman server, so we can access the user ID of the person browsing the site. Moving to Win 2012 AD servers, we're told this won't support NTLM, which Microsoft don't recomend these days anyway. Is a suitable replacmenet for this soft of use case? I've searched google and can't find a relavent article or tutorial showing mod-auth-kerb being used in such a way. I'm having difficulty in getting started and could use a point in the right direction. You'll need to have your Active Directory administrator create a service account that holds the Kerberos Service Principles for your intranet server. The SPN or SPN's should look like / and contain all the host names and/or DNS aliases users use to access your intranet website, so something like: http/solarishost.int.example.com http/solarishost http/intranet.example.com Your Active Directory administrator can 's to a keytab file which you need to copy to your Solaris host and configure in Apache.
Intertherm model numbers. Note: the http/hostname SPN is also used for HTTPS. On Solaris you'll need the MIT Kerberos 5 tools and libraries, download and install the Apache module and then configure it.
Typically you'll edit the global Kerberos configuration file to set up the the defaults mod-auth-kerb will also use, important are generally only the names of the REALM, typically the Windows AD domain, your DNS domain and the KDC servers - normally the domain controllers your AD administrator tells you to use. The Apache configuration looks something like this: AuthType Kerberos AuthName 'intranet' KrbMethodNegotiate on KrbAuthoritative on KrbVerifyKDC on KrbAuthRealm YOUR_ACTIVEDIRECTORY_DOMAIN Krb5Keytab /etc/httpd/intranet.keytab KrbSaveCredentials off Require valid-user Some understanding of Kerberos and Microsoft AD helps, as it can be tricky to debug for uninitiated. Oh and with Kerberos make sure your clocks are synchronized.