Apache basic Authnz for AD as standard

Print Friendly, PDF & Email

I have just commited some edits to bcfg2 so that it is possible to enable Apache Basic authentication and Authorisation via Active Directory user or group for any vhost on any (debian) server. This will filter out gradually to servers but once the apache modules are installed you should be able to add something like the following to an include file (e.g. /usr/local/projects/project/apache/conf/conf.d/project.ilrt.bris.ac.uk-443/10-authnz.conf):

<Location />
AuthType Basic
AuthName "AD authnz restricted"
AuthBasicProvider file pam
AuthzUnixgroup on
AuthUserFile /etc/apache2/auth/htusers
AuthGroupFile /etc/apache2/auth/htgroup
Require group ILRT-Staff-Group
</Location>

DO NOT enable this on NON-SSL sites!