Restrict web access on apache web server to FreeIPA users

authentication web-server apache-2.4 freeipa

We have an apache web server installed on a Centos 8 machine which is been used to easily expose user and group folders both internally and to other collaborators.

Most of the data exposed is plain HTML files, png, etc... in specific folders in the users home directories.

Now, I would like to restrict the access to some areas (folders, files...) just to our users (ideally fine grained by-group selection would be great). We use FreeIPA for authentication and I haven't found an easy way to do that.

Lots of places talk about using .htaccess and generating users and passwords for each of the users concerned. This would be decoupled from password changes in FreeIPA and add an extra complicated password synchronization (dump to file) process.

I am far from an expert in web servers, so I am surely missing things. Solutions or hints are welcome.


Solution 1:

FreeIPA uses Kerberos authentication, so it looks like you need to use mod_auth_kerb in Apache. It's available in Centos in the mod_auth_kerb package. The Centos wiki has a tutorial.

Related

Can a server with no public IP interface be a NAT?
Lets encrypt with lighttpd and wordpress
TLS 1.2 with RSA vs ECDSA Ciphers
azure AD connect certicate [closed]
Do the tld name servers cache the authoritative name servers? For how long?
How to access iDRAC from outside network. or through DDNS
MySQL databases vanished on our VPS (DigitalOcean)
Nutanix AMD-V - hardware assisted virtualisation
Access a node from different subnet
Running desktop software as a "service"
How to use the 'Client Authentication Issuers' certificate store on Windows Server 2016
Unexpected IPv6 client address from Azure Application Gateway's health probe