Restrict web access on Apache web server to FreeIPA users

We have an Apache web server installed on a CentOS 8 machine which is being used to easily expose user and group folders both internally and to other collaborators.

Most of the data exposed is plain HTML files, png, etc. in specific folders in the users' home directories.

Now, I would like to restrict the access to some areas (folders, files...) just to our users (ideally fine grained by-group selection would be great). We use FreeIPA for authentication and I haven't found an easy way to do that.

Lots of places talk about using .htaccess and generating users and passwords for each of the users concerned. This would be decoupled from password changes in FreeIPA and add an extra complicated password synchronization (dump to file) process.

I am far from an expert in web servers, so I am surely missing things. Solutions or hints are welcome.


Solution 1:

FreeIPA uses Kerberos authentication, so it looks like you need to use mod_auth_kerb in Apache. It's available in CentOS in the mod_auth_kerb package. The CentOS wiki has a tutorial.
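
A sketch of the Apache side of the approach named in this answer, added here as an example and not taken from the answer or from the CentOS wiki. The realm `EXAMPLE.COM`, the host `web.example.com`, the keytab path, the folder names and the user names are all assumed placeholders. It restricts by Kerberos principal only; group-based rules need a separate authorization module and are not shown.

```apache
# Added example: every name below is a placeholder, not a value from the question.
# Assumptions: mod_auth_kerb and mod_ssl are loaded; the keytab holds the key for
# the service principal HTTP/web.example.com@EXAMPLE.COM and is readable only by
# the account httpd runs as; user pages live under ~/public_html.

# Area open to any authenticated FreeIPA user.
<Directory "/home/*/public_html/private">
    # Refuse plain HTTP so tickets (and any fallback password) stay encrypted.
    SSLRequireSSL

    AuthType Kerberos
    AuthName "FreeIPA login"
    KrbServiceName HTTP
    KrbAuthRealms EXAMPLE.COM
    Krb5KeyTab /etc/httpd/conf/http.keytab

    # Accept SPNEGO tickets from clients that already hold a TGT (kinit).
    KrbMethodNegotiate On
    # Off: no Basic-auth prompt, so the FreeIPA password never reaches the
    # web server. Turn On only if ticketless browsers must be able to log in.
    KrbMethodK5Passwd Off

    Require valid-user
</Directory>

# Narrower area: only the listed principals. REMOTE_USER arrives as user@REALM,
# so the realm is part of each name.
<Directory "/home/*/public_html/team-only">
    SSLRequireSSL

    AuthType Kerberos
    AuthName "FreeIPA login"
    KrbServiceName HTTP
    KrbAuthRealms EXAMPLE.COM
    Krb5KeyTab /etc/httpd/conf/http.keytab
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off

    Require user alice@EXAMPLE.COM bob@EXAMPLE.COM
</Directory>
```

Because authentication is done against the KDC, a password change in FreeIPA takes effect here without any local password file to synchronize.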