在企业应用中,经常会配置Apache集成AD认证.
但实际应用中,我们会遇到没有加入域或外部电脑访问的情况,此时的默认配置会让网页弹出Base Auth,界面很不友好.
我们的目的是直接跳转到网页认证页面,经过测试,配置如下可达成目的
<Directory "/var/www/html/">
Options +Includes -Indexes
AllowOverride All
AuthType Kerberos #指定验证类型
AuthName "HHH"
KrbMethodK5Passwd Off #关闭Krb5 Base Auth,这个默认是On
KrbAuthRealms YOUNGOPTICS.COM
Krb5KeyTab /etc/httpd/ksyoweb02.keytab
KrbServiceName HTTP
require valid-user
ErrorDocument 401 /logon.php #指定401时跳转网页
<Files "logon.php"> #设定此网页无需认证
Require all granted
</Files>
</Directory>
文档中相应参数说明:
KrbMethodK5Passwd on | off
(set to on by default)
To enable or disable the use of password based authentication for Kerberos v5.
KrbMethodK4Passwd on | off
(set to on by default)
To enable or disable the use of password based authentication for Kerberos v4.
ErrorDocument Directive
Description: What the server will return to the client in case of an error
Syntax: ErrorDocument error-code document
Context: server config, virtual host, directory, .htaccess
Override: FileInfo
Status: Core
Module: core
In the event of a problem or error, Apache httpd can be configured to do one of four things,
output a simple hardcoded error message
output a customized message
internally redirect to a local URL-path to handle the problem/error
redirect to an external URL to handle the problem/error