What is the proper/cleanest way of setting up apache to support SSO using NTLM, or preferably Kerberos, with CentOS7 running sssd connected to an Active Directory domain controller?
With realmd, joining the domain is now real easy, but I was unable to get apache to work in an evening. It seems that google is not well seeded with answers on this topic as of yet.
I have gotten SSO working with SSH using gssapi with putty.
All I have done after a fresh install of CentOS 7 is run realm join --user=admin@domain.fqdn --computer-ou=OU=Servers
and add default_domain_suffix to sssd.conf.
Best Answer
You need to:
See this example or this example. For more advanced integration between your Web service and SSSD, check Web_App_Authentication article on FreeIPA.org.