Proxy Kerberos to Basic by Apache

The great disadvantage of Spectrum Spatial Server is that it uses only basic authentication, but system’s front server apache uses Kerberos. So. How should Spectrum Spatial server authorize user? Because it waits for basic authorization header, but apache will send by proxy big negotiate token.

Scheme

SpectrumSecurity

Solution


The solution is to rewrite authorization header from kerberos to basic before it will send request by proxy to Spectrum Spatial. Ok. Apache knows user name, but doesn’t know password. What we should do? We should to duplicate users from AD in spectrum with some default password, which apache knows. And it is secure because user doesn’t see Spectrum Server.

I created the proxy.conf, code below

Perl script for base64 string b64.pl

So, it just works.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 + 8 =