Is there any working Apache module to implement NTLM on Ubuntu Server

NaniK

7/31/24, 4:16 PM

I am trying to configure NTLM authentication for an internal site running on Apache/Ubuntu Jammy. I was able to implement LDAP authentication. Still, I want to make the login/auth process smooth as the user is already logged into his work computer using their domain credentials.

I tried installing the Apache module via apt based on some older documentation I found via Google, but the packages are no longer available.

sudo apt install libapache2-mod-auth-ntlm  
E: Unable to locate package libapache2-mod-auth-ntlm

Could you please suggest how I can implement NTLM authentication for my Apache proxy server, which is running on Debian-based Linux (Ubuntu)?

1 + 0

linux

ubuntu

active-directory

ntlm

apache-2.4

Score:2

Server

Esa Jokinen

8/1/24, 6:52 AM

Since 2010, Microsoft no longer recommends NTLM in applications.

NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms ([RFC1321]) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in [RFC1320] and [FIPS46-2]. Therefore, applications are generally advised not to use NTLM.<81>

Microsoft Kerberos authentication should be used instead.

Although libapache2-mod-auth-kerb exists for Jammy, it has already been removed from Debian 11. Therefore, I would use libapache2-mod-auth-gssapi instead for future implementations.

sudo apt install libapache2-mod-auth-gssapi

Configure Apache, e.g.,

<Location /private>
    AuthType GSSAPI
    AuthName "GSSAPI Single Sign On Login"
    GssapiCredStore keytab:/etc/httpd.keytab
    Require valid-user
</Location>

+ 1

NaniK

8/2/24, 8:39 PM

Thank you for the suggestion @esa-jokinen . Is there any step-by-step guide that I can follow to implement this? I am very new to this implementation and want to understand how to configure the keytab file and what it actually contains. (Also, do I need to coordinate with the Active Directory team to provision anything to me so my Ubuntu server can work for this integration?)

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is there any working Apache module to implement NTLM on Ubuntu Server

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.