Je continue l’intégration de mes services à FreeIPA; dans cette optique je vous présente aujourd’hui comment intégrer Zabbix à FreeIPA grâce au module Kerberos d’Apache
Génération de la keytab
A faire sur le serveur FreeIPA
ipa service-add HTTP/zabbix.domain.local
Dans mon cas j’ouvre le service sur l’extérieur, il faut donc que le nom du service externe soit aussi dans la keytab sinon le service Kerberos ne valide pas l’authentification.
ipa service-add HTTP/zabbix.domain.com
une fois les deux services ajoutés, on peut concaténer le tout directement sur le serveur cible (ici Zabbix):
A faire sur le serveur cible
ipa-getkeytab -s freeipa.domain.local -p HTTP/zabbix.domain.local -k /etc/httpd/zabbix.keytab
ipa-getkeytab -s freeipa.domain.local -p HTTP/zabbix.domain.com -k /etc/httpd/zabbix.keytab
On liste le contenu de la keytab pour vérifier :
klist -e -k /etc/httpd/zabbix.keytab
FILE:/etc/httpd/zabbix.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 HTTP/zabbix.domain.local@DOMAIN.LOCAL (aes256-cts-hmac-sha1-96)
1 HTTP/zabbix.domain.local@DOMAIN.LOCAL (aes128-cts-hmac-sha1-96)
1 HTTP/zabbix.domain.local@DOMAIN.LOCAL (des3-cbc-sha1)
1 HTTP/zabbix.domain.local@DOMAIN.LOCAL (arcfour-hmac)
1 HTTP/zabbix.domain.com@DOMAIN.LOCAL (aes256-cts-hmac-sha1-96)
1 HTTP/zabbix.domain.com@DOMAIN.LOCAL (aes128-cts-hmac-sha1-96)
1 HTTP/zabbix.domain.com@DOMAIN.LOCAL (des3-cbc-sha1)
1 HTTP/zabbix.domain.com@DOMAIN.LOCAL (arcfour-hmac)
Ajout de l’utilisateur dans Zabbix et modification de l’authentification
Afin de ne pas se retrouver sans pouvoir accéder a notre plateforme après la modification de l’authentification, il faut créer les utilisateurs sur la plateforme. Faite ça de façon classique en passant par l’interface de Zabbix. Il faut savoir que par défaut l’authentification va prendre en compte l’uid du compte , il faut donc que les uid corresponde.
![](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAkYAAAFxCAIAAAAZKPCzAAAayElEQVR4nO3dT4xb92HgcZ6U9qCDDkKLCO4gUM4eYgEf1oc9bDO7hVNIzoxtFDAQu24QNUZRTGDECJAAEXwZ5DIKJAtBESBw0AwCToBdZFNl07i7Tplx10gixN6V22xtl3Wc2LJGI8uyUuSWHh7f4++Rjxxy+JtH8jefDwR75vHx/Rnxx+/8+EbDxl8CQBIafwEASWg8CQBJaPw5ACSh8WkASELjUwCQhMafAkASGp8EgCQ0HgWAJDT+BACS0HgEAJLQWAOAJDQ+AQBJaDwIAElonAWAJEgaAImQNAAS0fgYACSh8WEASIKkAZAILzwCkIjGEgAkQdIASETjrwAgCY2/BIAkSBoAiZA0ABIhaQAkQtIASISkAZAISQMgEY2/AIAkNJ4EgCQ0/hwAktD4NAAkofEpAEhC408BIAmNTwJAEhqPAkASGn8CAEloPAIASWisAUASGp8AgCQ0HgSAJDTOAkASJA2AREgaAImQNAASIWkAJELSAEiEpAGQiMZfAUASGksAkARJAyARkgZAIiQNgERIGgCJkDQAEiFpACRC0gBIhKQBkAhJAyARkgZAIiQNgERIWkwdYGHN+vmDCCQtpk6nswwsIElLg6TFJGmwoCQtDZIWk6TBgpK0NEhaTJIGC0rS0iBpMUkaLChJS4OkxXTgpDWbq5s7O5urzX0XRpRv/rC2DwtE0tIgaTH1Ja25urlT/inh1np1P8ZPWrO53urE6dz4SRu90xG3NpvrrU5rfbxqTrQyxCVpaYietJWNdvAUvnUu9vbn2ohZWv60P23SIqphliZpLApJS0PcpK1stDvtjZXi83Nb4WfpG5a05nqrkz9ZN8tzt2ze1rew01ofvrD7vL+6udPJ50bN5nqr09nZXC3ttGpH+cHkdjZXm82BHW0Wn2bbLHaaVXZn1K2lTfd2tbO52rtra73q2EorN5vhcXa/SkO3cIjh54iQtDRETdq5rU5lwlY22u12u5i1ndsamMWd2yo+XNlodzey74Svt91Op9hz6V7BRsNNbWz036u0yoE73KlKWnN1c2fY63L5PCmckGVhaK0PW9ibyuRb3v+lyN6O8s0M33tva719lqPVC0z51mwrpf32H23FJCw4jOqVi0MKFw7uC6YhaWmInbRuQ4o+tDdWss/CuBR1Kho4LGlFXEp3ywULh91esakgvMW9SncPV57MYNIqrzOF06TOQFSyFfqSFiwsvTo3opfVO1pvZbO95VFJC1symLT+NcO79PZYnlOGuxv+RQhWDo6zd+7DthCsCQcjaWk41Fla3oa+oATpyT/bN2l99+tfNbw9mAQWE65hRxDsv+xgFwH7ktbMX3AsLRwrKsWUanDhwFRmSNWqdxRU4TCSVhgMcGnX1V+EMWZpVRf/srsd4FkMCpKWhkO9llaVtKGztHyN3odDplal3Q2EKgzW0FnaQNIOPjEr6U9aaSZSzEbKF66qrmZVXmDLF4bX0sIA7HMtrfjhlNLSqEkb3PJyMZfqXkvLkzbk2HorD72WNvQsDv9Jj5RJWhpq+YnHvmBUXEsL7tZuV15Lq5o2VYaqfABjJq3/ftFeeAQWgqSlYZ7/XVqkqVONJA0WlKSlQdJikjRYUJKWhnlO2uKRNFhQkpYGSYtJ0mBBSVoaJC2mDrCwZv38QQSSBkAiJA2AREgaAImQNAASIWkAJELSANI0658hnQFJA0hT5+j9S1lJA0iTpAGQCEkDIBGSBkAiJA2AzOK9v1Wf8ZM2+Cb1hxqew7PoSQvfonrw05oVb4w9w2MAxnJuK/jR796QDZ9DUk5ac73V6XRa6910SdqcmKukzcMBAPs7t1X6zvPcVqfTjddRSdp6q9NqtTo7m6vN5rKkzY1hSSsmTJ3ioRou6y5a2Wi32+3uN2lVd5nqeHpbH7rF8BvFbI3SIZVWyLcb7KI34sKDN0uEkSpS1V3UG3DtjZVhQ3ifZ5Kywx3j+zxrDUtac3VzZ2dzNf/fsqTNjeqkVT9iB7/5ChZG+n6sL2nhA2/gsR4uLHbft7B3r3Nb3YfssId7cfiVOwNyVS+m5Mv2G8L7PZOUHPIY3/dZa1jSspSFH0janBj6wmPvW59sQemF83xx+RHRf5dpjyfc+qgxVFp3+J0qhlz1w92rnzDS8Fna/kN4jGeSnsMf46OftSqT1myubu6EZ1AqmaTN1spGu1P61mXggTV84jb0gThFEiZJWt93XYMP96HfweVr9D7s29diXwCAQ7ay0R64ltb7ZnjkEJ7kmaTOMV75rFWdtPVWp7VefJqnTNLmRfhdU8ULzOXilZcGD5Lqu0ym7yce90ta3zd8gw/38hqlV0O6d2lXvs5uigb7GvITj/ny/FpaxRAe+Uwyai+xx/i+z1qVScuSVXyaJ0zSiGjamdXC/2gWJG4WY7wyaWmTtBkKv8eacmYlaTCHZjzGJQ2AREgaAImQNAASIWkAJKJz9EgaAImQNGCuxf0uftZnw+GStJjijj04mgaHVawLLcXGZ3uCHB5Ji6lz9C7Gwgi/+c1v3nrrrXfeeWdvb++9wO3bt7P/Ft5///07d+7cuHGjU1fSYm2TuSJpMRknEJI0aiZpMRknEJI0aiZpMRknEJI0aiZpMR1gnOTvK7uov/caRpA0aiZpMQ0bJ831VqdTekOH3k1jJ63ZXG91uu+qDgthgZLWzEZpIXhHMRaIpMU0bOyttzqtVtaj/iCZpZGwYUnb29vb3d3d29uLlbTm6mZrc7XZXG+NTNF+Seu9T9h6S9UWkqTFVDn28mh1/9ddGH5HuLO52mz2v3t6a7P4dGdzdTkYcs3m6ubOzk75VphDlUm7efPm7u7uF77whbBq0yQtf/1i//euHD9pzWDAhkMzH4z7jNbl8hivfIWGwyBpMVWOvWxkhB80Vzd38sFTzNJKQyh4jbFYuZy07iAJNwXzZjBpWc+eeuqpL33pSxcvXiyqduCkNVc3d4I3ZR59POMnbTl/9+fSaO0N1/1Ga+leLhnUR9Jiqhon5e/msof7eqt4TWN40sLxMJi0ijVh3vQlLevZ5z73uS9/+cvf+MY3tre3v/Wtb2VVm9tZWt8ltnwM7zdagzG+nNfxAF9AJiVpMVWMk6pHdnj9TNJIWF/Sdnd3L1y48Nxzz333u999/vnnf/jDH+7s7Lzwwgu7u7tzey2t8mr3/qPVLG1GJC2mwXHS991ZUbjS3E3SSFTlLG3QlLO08e2XtNJcrHdTxXDdZ7Quu5Y2I5IWU8SxBwlYoB/iJw2SFpNxAiFJo2aSFpNxAiFJo2aSFpNxAiFJo2aSFpNxAiFJo2aSFtPRGSf33nvvvffeO+ujYN7FSlpEtQ1VP408E5IWU/JJK0oWfjDrg2J+RUnagg5VSZsJSYsp+aTBRBZrllb1m1eDf2fW9xsSghWX+39PUPd3mYSbqvkrf2RJWkySBqEFupY25DevViSt8rc+Fr/BtbdBs7RZkLSYJA1Ci5S06t+8WpW0qt/6uJz9Dq3882VJmxFJi0nSILRISav+zavBb9nvftis/K2PodKvLpa0eklaTJIGoQVK2nI4zQougPUuke3sVF5Ly1Yd/DWQvQ26llYjSYtJ0iC0WEkrFBOyWPulNpIWk6RBaIGSVv6RRS8YLipJi0nSILRASSMNkhaTcQKhGpI25pt/ZiQteZIWk3ECoXpmad2fQBzjApikJU/SYjJOIFTbC4+9f/A8cq4macmTtJiMEwiZpVEzSYvJOIGQa2nUTNJiMk4g5CceqZmkxWScQEjSqJmkxWScQEjSqJmkxWScQEjSqJmkxWScQEjSqJmkxWScQEjSqJmkxWScQChW0iIyVNMmaTEZJxCKkjRDlfFJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYQkjZpJWkzGCYT6knbz5s3dKnt7e5JGFJIWk3ECob6k7e7ufvGLX3z66aeffvrpz3/+888888xXv/rV7e3t3d1dSSMKSYvJOIFQ5Sxtc3Pz0qVLzz333Pe+970f/ehHZmlEJGkxGScQGryWllXt61//+ve///0f//jHWc9cSyMWSYvJOIFQlrTr16/funWr+EmQvb293d3dH/zgB0XPJI1YJC0m4wRCWdJ2d3ffe++99wO3bt26efPmrVu3iiV37tz54IMPJI0pSVpMxgmEsqRl6boz0gcffCBpTE/SYjJOIJQl7fbt24MBKzIWkjSmJGkxGScQypI2WK+7d+9m/+0jaUxJ0mIyTiCUJW0wXcNIGlOStJiMEwhlSbsxCUljGpIWUweYmqHKgUkaAImQNAASIWkAJELSAEiEpAGQCEkDIBGSBkAiJA2AREgaAImQNAASIWkAJELSAEiEpAGQCElL2v0njl0+cWr0CtuNxvbxkxNs9OTxydYHqImkRbV2vLHd6P4Z3ZKSQ4vEfkk7eb5xfG3SjRZHq23AfJnjpK1stNsbK7M+igmU+3Hy/PhP97NK2qkTl4+duH/SjUoaMKcGk3ZuK3w/tYNH5dxWZ+vcNIe2iEkbeIo/9eSxxvnuspPnG8eePLW0dOrE5Xwmt33sxP1LJ8+XJ3bdFwMbje1s/aXyXRqN8yeKT/MVyioniwObPfXksXyDJ/t2kU/dgmj16thd2H/YALNWmbTpUhRrOwuXtKXKGvXPaU49eWygQ+Vy9LpYzKLC6dTJ49v5x1URLS0sOrT/ZstbKNdryEKzNGC+jJG0lY12u93udDrZ8mAWl6/XW6OY1/XWyj5f2Wj3T/wq7rVU3n7VHDHYUO8Agjv1HWO2RvXe+3YzuGQap05c7s51Tj157Pja0tLa8aJkvflNdwIXtCGcYPUmTH1JK0JSFZW148W8sNeh/TcbHFVv4iVpwCLZ54XHrXPZU30Qr1JHejHoLu19GKSxdK9i8lV1r759jS5LsUJxIH3HNXzvg9uOMCcMohUmben+E8cuHz9eNR/KfzqjshyhSZIWbiGcpY3ebGUIwxnh2vGBzkkaMF/GnKXlT/blG/PPKtcIVi1fnsvnTlX3Crc/JDKljbU3VgZW7L9f9d4HZnJVSyZ08ngwDQpfXTx5vpiQBVewgqtQ3RnSwLW0xnblC48jkzZkF/tttny5Lr9Xb1OXjw2+Glk6bIBZmzBpQ2dpI5NWHaeqe/Xta/Belc3bd5Y2cv41eNEv1uXE3MF+sBCAyUyYtKWh19IG53HdFQcvVI0KYdWKJaXbixXGv5aW3WdwL/vt9+DCH3oE4PDM8b9LA4BJSBoAiZA0ABIhaQAkQtIASISkAZAISQMgEZIGQCIkDYBESBoAiZA0ABIhaQAkQtLmROVv6x/7Dcmq3w4N4GiRtIiGvl/aGCQNYFpJJm3fd1qb/N5jmeZdniUNYFpzm7TBN68e3/wk7dSJy8eOXe6bt5XeP/r42tLgwvz91YINBu9J3Zv/rR2vePdqgKNqnpN24HeWnmHS+l54PHXich6t+08cG5xy9WZX4SytuFeetNJ98zXDhWZpAAuVtJWNdrvd7pu3ld6MOniX7c7A0mCDwe29eIXTwqiztDxUvVtPnm8MzK5KLzyePF9OWjgbK+Z2a8d7b5YtaQDznbS+xKxstPMoBR/29GZX4TyrWDVPWum++ZrhwtgvPPYnrTpFfWtmHweztMFihQslDWC+k1YxS8tT07u16ppbKUr5qsH/y7bOlfcW+YXHwVla+bJZL2mDF9iqr6U1usFbOvXkMdfSAAoLnrTqFPWtmX0czNIGi9U3rztg0gCYpXlO2uALj4OztPJls17SBi+wVV9Lq76PpAEsoLlNGgBMRtIASISkAZAISQMgEZIGQCIkDYBESBoAiZC0mDYvXBjnz6wPEyBNkhbT5oULd/cjaQCHRNJiypL23777t31//vvf/OBv/vZ/Pf+//17SAA6PpMVUJO0nP3u1+PPy//v5qz9//bU3On//oxclDeDwSFpMfUm7+so//t9X//nnr/3LG503f/HWL//h/7wkaQCHR9JiKpJ29ZV/evna/7/2T6+99kbnzV+89au3375+/fpPr16VNIDDI2kxZUn7H//z7179+ev//HrnX9986/r16zdv3tzb29vb27v26j9KGsDhqT9p8/R2ZLGPJUva959/4Y3Om7/81a9u3Ljx3nvv3cm9/sa/SBrA4YmStPIbRfe9c2e/9JP2dy+03/rlr9599929vb07d+7cvXv317/+9d27d9/8xS8kDeDwxEpar2PntkZXLf2ktXf+IevZ7du37969+2+5t99+W9IADk/8pJVCEbxXdMWi3pSu/JbT4ZtXj3qn6b5NbRSf9tYNtlCu7sBmKw51YlnSfvyTn1679uprr73+r2+++fY779zY3d29eXN39+a7796QNIDDcxhJyz9f2Wj3lhelCpNVrFGVtPDu1dOpvvqF0dw617eFYoXKzVYf6sT89hCAGTrMWVr5Els+TyoFI79nVdLCrY6VtLBe/VvtfVa52epDnZjf8QgwQ4d5LW2CqVUwxyo+7JvOHSBpw2Zpg5udpwt8ABzMIf/EY+lqV+81vsF1e0vb7XZQt/2upY1M2lL1tbSKgxq6FICFsSD/1DqYxQFApXlOWjhvOti1LQCOkHlOGgBMQNIASISkAZAISQMgEZIGQCIkDYBESBoAiZA0ABIhaQAkQtIASISkAZAISQMgEZIGQCIkDYBESBoAiWh8DACS0PgwACRB0gBIhBceAUiEHw8BIBGSBkAiJA2AREgaAImQNAASMYOkffQjS9984J53H/rd3z7cmMM/7z70u9984J6PfuSAZ3f69OlLly5dvXq1wyxcvXr10qVLp0+fjvqYBRbDDJL2zQfu+clDv//pB1fOzqVPn/3YT9d+768fuOdgZ3fp0qUrV6488cQTsz6Pg8vaMOujOKAnnnjiypUrFy9ejPugBRbCDJK299Dv/NmD/2XWT32jfOrsys2HfudgZ/fyyy8/9thjsz6DqSx00s6ePfv444//7Gc/i/ugBRbCDJL224cbs37S299vHz7gV2ahY5BZ9KSdPXu20+lEfcwCi0HSqknarI9iKpIGR5OkVZO0WR/FVCQNjiZJqyZpsz6KqUgaHE2SVm0Ok3bmme90Op2XvvaZQ9p+YQ6TNum5SxocTfOetOy5rPCdZ84c6ClxYjUk7cyZz3ztpfI/qvrOM6PWH/m0nm/tO8+cmfZLNGnSzpT/kg4jupIGjGOuk9Z9qsyf6D/ztZdSTFo3Qt2TfelrnxnSpPlM2pniLyk/C0kDZmURklZ+lq+cExRPq2fPni2e28/2TfJGzoH61J+0/rMYOPLwaX3w1v4vypkzBz73iZKWnUNfbCr/jrqn+9JLLwUHWWxh8EyHnfuYpxD1MQsshtkkbXk8zebq5k7w1NhprTebA7fubK4OfrizudpsrreyZcvLy9ntrfXm8L2VTJO0Cc+ud1K9z6uOvFhYfWt5a9Oce/a1HnPl0Rsf9ndUnEr2Uae13rvLyHMf/xSiPmaBxTCbpDUnlrettT7QuZ3N1Waz96S33io/x1esOoZpkjbhSbXW88+LJ/rqI89vHnJepa1Nc+7Z+hOdw8DGq/6OggPsO9Pel2DYkfcaOO4pRH3MAothNkn7D+NZu/DiixfWup98drvT6bx4YW3twoudTmf7s9nt2bLeCpntzwZLup9MZpqkjb2T4FT6jrbyyPOvwJDzGr61CWVfw7FXL+/ps9tD/46CpcWpVBzn6HMf+xSiPmaBxTCbpN03nke+8mL43fqLX3mkYmm+uHdDseC+++576tvhqt9+asw93zdN0sbdx/AzqT7yp77dW6fqvHqby1Y66Lln6499Fv17evErj1SfWbbw20/dVz6V0rrZUY4+9/FOIepjFlgMs0naf5x70yRt1sc+rSwksz6KqUgaHE2zSdp/mnvTJG3Wxz6tLGmzPoqpSBocTbNJ2h/OvWmSNutjn1aWtFkfxVQkDY6m2STtv869aZI262OfVpa0WR/FVCQNjqYZJO3WQx/65B//4cfn2GN//J/3HvrQwc7ulVdeefTRR2d9BlPJkjbrozi4Rx999OWXX477oAUWwgyS9s0H7vnJQ7//xCf+6MG59Gef+KOfrv3eXz9wz8HO7tKlS1euXHnsscdmfR4HlyVt1kdxQI8//viVK1cuXrwY90ELLIQZJO2jH1na+vgfvP/wh377cGMO/7z/8Ie2Pv4HH/3IAc/u9OnTzz777LVr1zrMwrVr15599tnTp09HfcwCi2EGSQOAwyBpACRC0gBIhKQBkAhJAyARjY8BQBIaHwaAJEgaAImQNAASIWkAJELSAEiEpAGQCEkDIBGSBkAiJA2AREgaAImQNAAS8e8t3urbi+Ol+wAAAABJRU5ErkJggg==)
Une fois l’ajout effectué on peut changer l’authentification en HTTP
![](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAcAAAACvCAIAAADlkpkfAAAYFUlEQVR4nO2d73NURbrHewuLuhUXXEVWJrcw/DAbRIGUMdaMMVlICBmIhIR4MhSBIG4uqGQ3IZgS2XtrXQSxKCSB7BYvFC5IqBICu6UQtHy1sBkIRKuo8jXV5pX3r/DcF31+dJ/u82N6ZjIT8v1UV+p099NPP/30Od/pmQSGlJbGUFBQUFA0Cnl28WIUFBQUFI1ClnAslX6KlHks7Ysyyb5sqWjvTxk/0GfqMjkYu6XME48czFLO7VJuoDxEteQlfqtArpQRKluRK2WEylbkShmhsrUYckWWL1uOgoKCgqJRSDkAAAAtyAqb57mfPHIL3+XXGzBKafa8qj2ik+DZlU785g1olA2QqyjzIlfBQ2QD5CrKvEWSK/LCC6+ta9n36gv55KVF1CBmU1leJykQ+c9eVuQ3vD9+SSkdP7E5bxPkkiLfKSXFvH0zK5/5ipasXlXX0NLz2qpVq8PLkn8ZxDSI2RJLhVhWnGshprHgv1n15dhPBjGTSyJMEe4tVV9iGuSn+orpGh5cImSv9dNxSumXvaza+yWldPzT1pzMnrvwKL3cy1cjReispe3TcXYVNsTOxXSsPfNUrFq1uvdLymHlJLCErT2bJUd/Nnsvs4jHP22L7F+1fdGjjRabfXfZTNudn3m04oPQ9ul4YLRWokhl5e8bWnpeq4zAawtMJqAG+VfIgBX/20JMY8H/sNor//mTQcyNy6JMEu5tuocHEyF7W0+OU0ov97Fa32VK6fjJrXmJRiJyeHZQfZe5ShiZr0XMxbQSIRVs8XZ0W0+O5yLQbJYc+dm0ty2jmVTbFz3aKLGJCfVWp5NMHgR6uc+qBdzbVqJIVVVDY+sf66pCefF8KzENcmvT06ZBzNbF21lzYvGUQcxN5VVVVX/ZREzj8fMJdmGX1sXbmU3r41NOCxtb97Rrtqnc9SZaer3VPW0aZKrxxaqqqu2Nj4seym8ZrjGziTictSgDCCRC9t4YTFNKr/SzWv8VSml68A2nw8Lq77/ibbKGDw6m2TjVqOzDS6fTND3YP5im6XTaiVAVj9hmWbqrEjptL1WKgenBwSucVydLbjyiC0UkuU4Fm8ITtDyNZ0ectasil9KR65i5AK9cEePnbjzurgvavqDN04iNn9UTkU9s/vd/BMsso+W2Lz34xhv281Yl3gCsyZmcvFLduKH1T+uqq18JLjVlUwYxW8t2Vv/ulkFMY94XNVz7pt+9Ul394SanfdUXrcQ0Fn7oHcvZrFtoGmRqw6pXqqt3bphnGuTWOh9Ljzdn4LqFpj21VNiQ8OHRAggoEbLXMZSmlI4eYNX3Riml6VMd1amhNKU0PdThWh4YdVpS1iB7uLV7Q+/Jo3IU3nujlLoX6VMdPvFwjUpLu3ScStu93sbR9/ip00Mp3hXX6KZIFYkigVmmwgrPYfQ9e1Oc7XPDtnck5cSmjFxcch5i5jPGYrVzzt14yp1SNYoblF1s8mLdlrDYvPd/FMtcPgjp0dF04FxWokgivqGptbchHo/H4wn7Z0K8jsfjf23mznGsNFfE4/F47ZIpg5jNFYl4/MNmYhrzvqiNx+OVF1uJaTzzIfMg2VysjXc1zfM4nGqqlC2/qI0n4pVftBLTeOavLJj6Z5jxrqZ5pkFu1/MBs3mdMu+i//Aue3ica1QGwOeEz0w8HvdkT+yyW1Kn7lBKRwdY48AopfTOqVQ8wS6dh3Ugvu3UHSpy51QqYQ+3HQ5cFUex6eLqHdzQ1NpbL22oEKfjf2CUOXQiTKniYY1XB4S1cFeeQWylztRuLlgjS8HVgYGrTor49dpu1ZnxT0VCKnFup3xyxY+1VzE6sM1er2ssbqgTJB+5kxDPkj2bztKouq9YsWJW31diDgWkTDr7s82ORrgVfaINzJU3NsUSXLdWizu7f2wB93+wZdAzaD8IylDj4rZy95X7FIyyG0BKFKmp2Zhs61tfE8zKfxvENOaN/L6mpqam5vdLpwxiGosOO9evr6ypqTn8umNTNdJmG/jZrF9k2o0uUbytX2QaZCpZJXt4MznPNMi/1ztDwodPJauEgeoAAoiSvfevUkrvnN5eU1NTs/30HUrp1ff5fqft/atU6lSOCGrPNDzJjxuuKh5mzlbjsbxzejvnjDcMmYzdrJal5OLq++pIcp6K7afvuOE6a5On9kznWCoj9wsuV9tnxSdmT5rZE6Pf9kUMK8PYxEz5xxZ6/4dYZhmttGdSchTbSupqN21q69tQW1vnX/6wcb5pkKmNL6taXr7Uxh/65l+qdw1Mg5hty/5Qv2zKIObmF+tqa49sdm3qGhfxJ9Dxxto6H0vBW+MiJxi3nY1iw4OD8Rlurc4vVN8Snr262tq6HcN3uRfL4R21dbW1O4b5V9FrHzDLg9f419VrB+2x1w4yV+pR2YQn+q+rrf3gmhukIh5PCMzy4DVK6d3hHeJKOT92cQffGd5Ry3lzAvB4cNqlSHKeCs/C7g7vULRfO+jNmN/a5S27M/xBfmJ2QhVbVDsVvH2KDcrhnc/fD8rYIt9vasscPgjMu+JR9dwVZN26zc1b9zetW7du7VqUjEuRZ6/Iw1u7dt3atYf+QSml/zhkB9n1t7usPuNSkfPIi3n7MorNSs3dv3UVaC15yyRpaGh5fWv/xob6BhSdUuTZK/Lw6hve/PtdSundv7/pafnnn2deKnIfeTFvX4axseRQSin955+LPtrIhTQCAADQgiSbkslkU7IpaZcm+6fdZP2wbZJNtg0/hBvlVt1RTUlrYFPS9twkuHB9ulXPeH5ePjY5eC5+PiS72uQOVF0k7SD5zMgtyBVyhVzN+lyRTQAAALQgLZs3o6CgoKBoFAgoCgoKimYh6wEAAGhBSgEAAGgBAQUAAE0goAAAoAkEFAAANIGAAgCAJoUX0Fj5/IcGMY2S/bFYoWMpUmLl8x82z08iP8XEDN2Umf64FVv8IQIaiy34zo41FlvwnTH3THmO497fQL5b7fXpzMUHUEBisYVnmsPXrhFtlCHBz2o+UuRZrxNAwD0w/Ts12zaFkUzM5f7DxoyfR+dxy8fjXCi5KCAZCGg+CH0GpuGxjHWPjHTHSktLY/VHR47W+4Tx6DyrGuuNctrK7U5hU5TsbyBmwwIhBq4aPku0jGlTcLmYfsjD5rn2kXjhGe57O5jM729wvsBjfpJ/eVld4rFka3toe3iYWChPJo9yX07F+8DZCTGAmH2Ad6eIiWGbDfPPNAcYKLIf6x6hlNKR7lj90VuU0ltH66U7QN65WHi6QqOde6bcu0C/dFkOwydVGGS/XvEEWrLfG4liIYo7pHy+c7OdScx1dnx/g+JuwaYo1usv2RGfR/5xi/k8zqa40cLucztYnHIhRKt68BW7LywqbK9F49jqEvJQ9YohPzB8lLHy+Q+lgzoL131U5Gh8R6lEzX1QxdS4HqyBvAf+XYNjnEzMVW6POF33CKW3jtaXlpZaV57gA1/61OlSRSsH4/eiLQxXPTnKSZUGuuvl/29/73MVvBD1XnsbvfurFeRs2pTVJabqvBn9eZQeFulx9kua+9pT1HLBB6PYVqWABCwqMAPsmvDb6b6AKF+InIyIG8k+lVDuTcD2y6OUGfF9nbRfl/zm5a/ddSnvP63DTni6VNHKwfg+aVy6+KcueFKlQfbrVT4hAQtR77WoHcnE3O9Wx2KrS9SnD2xKZPGN/jyqG1WL8j+BFrVc+O4L21algETIqjIDzIB46kF5DH9JCcxITk6g8mt+BAH1bIN3Lq2P26LfdkqHpe49EX5Ucf2HTurzhGe53uCDlbwQ3xMoF0+sfP7D5pLvfI6Q2BS/8OTPQKM/j74nUHlR/Ju51SWmj3wErXq65cIbrWJbA980RNprTyN/AvW+a/OoeLQPNQIyEjpKyoh40pE+wDIDd4J/sxn84h8F6S2t9zMgVboU0SqD4Yfwk8rGEfZIbaC13iABDV2Iz2egQjweOdAKchZtips0YckZPI9+D4vygOyutHmuQj6KSS6U0Sq3VSEg/q+piiO25xCwuqTwfwcKZidF+BtVoDy+gYC0QEBBYUhyv4gHBUQ8S+b3TwZnEBHTAgEFAABNIKAAAKAJBBQAADTBV3oAAIAm5E8AAAC0gIACAIAmpAcAAIAW5F0AAABakLcBAABoQfYAAADQglCX70cOdXd3d3d3D33LGr4d6u7u7u4+NPK9WxFgPQoP3g7q48CdS+hmjU4Lq34/ckjpl82qHMKqikHfDgUt03cWJ1gxYo89txLF6jJz7pvhyHsEAMgb5OLB3bt37969++Q3lFL6zUn3mlI6efHg7t27D16cdLp4mNmkygMbohij9kE9xrwreSLZwG8IHww/3DO33zLlWRSNnuAOXpx0Z1KvLrrzgAxH3CMAQB4hXTYnblJK6c0T9uXk5CSldPLCQNfAhUm7h4cbIDWwIfIYL2yIhWvtcc2qkxcG/OdWD2FVFgw/nLMJWqY8i9To5ztodZGdB2U42h4BAPIJ6bQ5cP4+pfT++QOdncfH2NXxMUrp2HHWM3a8U4Czl1vYpYB3fGenNREdO25dOM6cdr7KT+UxcFqUc8rBsPbQZcqzSI1Kk5DVRXUemOFIewQAyCtkm03fufuU0vvn+rZt++SGddV37j6l92/cuE8pvfHJNgHOXm5hl9IYlQdm9MkNynljNWe02Kkw8BvCqnKknE3QMuVZpEalScjqojoPzHCkPQIA5BXSYfMxe3Y/ti/vne11Wp0eHm6A1NB79p5yDI9lI8Am9bqWZgpv4atsIsu1dwFBy5RnkRr9fAetLrLzoAxH2yMAQD4hZ3va29vb29uPXKeU0utHnOt7Vg/rsLt4WM89lYceJh/yGBevieCN9+WdR+pXtcjBCONdm6BlyrMoGj3R9Zy9d+9sT/DqIjsPyHDEPQIA5BH+z5gmPt/X1tbW1tb20dd8bd/nE5RS+vVHbRJWl+whYEwbN4c7QB7DDLyOhdG8e08LX/VGaXeELlOaRYjJOxnfHrq6qM59Mxx5jwAAeYO0AgAA0IJsAQAAoAUEFAAANIGAAgCAJvhKDwAA0ARfKgcAAJpAQAEAQBO8hQcAAE1IGQAAAC0goAAAoAnewgMAgCb4XngAANAEAgoAAJpAQAEAQBMIKAAAaAIBBQAATUgPAAAALci7AAAAtCBvAwAA0ILsAQAAoAXpzoyhbyml9PuRQ8oqAADMIsjuzDj5DaWUTl48mOE4AAB45CBdXV1dXSdu8l+de/NEV9fAhUm+afLCQJe38eYJeyDr9fTbjZbNzQt2p9MBAAAzGtLZeXyMUkrvnz/QqebA+fuUUjp2vLNTMuar7Jo346+ZEd8OAAAzG7LtkxuUUnrjk20e+s7d58+glgWzvn+ujxlxVdEPV+M7PMMBAGAGQzo+Zvr2cQcPa7RaeQt2fe9sL29372xvh8cPVwsYDgAAMxjS3n7kOhO1nnYX1nb9SHt7e3vP2XveimPMj+XHBF+LcwEAwMyEtLW1tbV99DX/Zv3rj4SmiYkJp7Wtbd/nE5wZs5r4fJ+nj2u0bNhw0R4AAGYypBUAAIAWZAsAAAAtIKAAAKAJBBQAADSBgAIAgCYQUAAA0AQCCgAAmpBCfzE9AADMVEgZAAAALSCgAACgCQQUAAA0gYACAIAmEFAAANAEAgoAAJpAQAEAQBMIKAAAaAIBBQAATSCgAACgCQQUAAA0gYACAIAmEFAAANAEAgoAAJpAQAFQs3z58uHh4R9++IGCacE0SBGVbY/93DHvhWWLg28SCCgAaoaHh8fGxt56661C/6e9OYApVKGjCIIJ6C+9K4ql7Ftu7vj1zx3zgm8SCCgAah48eLBr165CC0tugIDqlJ7lZuqx4JsEAgqAmiJXnIyAgOoV0whRSAgoAGqKXHEyAgIKAQVgWilyxckICCgEFIBppcgVh9Fy+CtK6cRn7wSbQUAhoLOexmO3KaX00t4Mxuy9lJl99FBuH2vMvd+iIlRxWt75bML9I5yvDre0qM0sO1+DbMihgDphui3iCqnYu2XLlhY2PYvAXp08KjS8LREFdNczCULIi4tZdexFQkjJ4K7Fe0g4e1qXDcaElkTdMgjojGbvJf4uCxM6LS10BmWvpLyHLAWUd7X3Eo3uSnugDlGObC2OgPmL48wXUCtySy15rbT1kxkpRzETpzcgQl0BZb1MH52q3MKqvxlzx5I9rRDQGYwgansvBWuonmYVv4BOz0AdNATUko6JiQnuXMaJjNUiNH11mBOvzz6boHTis3dUfmRPW6ZXQLeIauicNL/6ShBWpexGiXA6BfSX1t9EOYRCQIsZjxxwqmS9W6eUWqcst+HSXqHbVV3Om+vJanTPul7di+pK9NB47Pbt27cll1LYZSpL0ZU7l9vus0a/gfxRno9bEWEmUErXhFFZ2XeZUjp+cmtl5Zo1ayq3nhy3q26H1Xq5j9nYHWvWrHE72BVj/ORWlR9uUkV3cJzMccha7GikiazI+YDFxfZdpm6QnlFy/H4Rhv/roI3kVem9+dBGq3dogVCVW1j1pkFMg9xc5jX2K8E3CQS0gHjPU1a98dhtxVnP59AnaaVPY4SzW1RXZUKIzqVv2JKl9534pb1lge/I1THY18K8jhflvJlBKa0Mh9NJQSrVAlopSqUjmKJJsB9hnGd+P9iAkKV4YlA18bMx1RTwWaLg0j9C0yC/GL8KKhtJghCyzDIbW0YIIYMbWZUMLuCrcotVdT8VfS1sOuNXENBixucEKn40ap+qBAEVTLIT0MxdeYLhFDAkbGUw7quGRz9DAuPn5VbGyao8b2ZQSl8KZ/8VSml6sJ3V2gfTlNIr+8UOrtXucGovSQP9/HBt7DI92O6d3w+WxZCleGKQm4TIWcWemRlafQpHoVgCmnosqGyakyCELJvDqpaAbrJ6B58WqnLL4NOEkDljwVOIBQJazPh8Bqo+a3KtainjjnDuZZiA6rgqU8tTaNiBAuo9gfoGFv0EmgMBrQ6mYyjtavzoAadl9EB1dfWBUUppeqhDNGQNB0b5V5rRA8LAaj8/wnR2Iz+NP2xAJsthTpVTurb8vFyLZzGRsAR0+38Elc2PJQghz81l1bHnCCFzBjez3rlMH+2q3GJVx4KnEAsEtJjx/y288AGgrAhCN/9xo91yW1Yca7LAz0ADXfEefOQpJGxlMJE+A6WKGMI/A81eQBOPCiw5hY4iCEtAd84rqgIBBUATSmndowIT0EJHEQQTUHP3U8VVIKAA6EEpbXhUYAJa6CiCsAT0vxYVV4GAAqDHgwcPUqlU0yMBE9BCRxGE9Rb+7cVFVPaUmqk5wTcJBBQANadPn75+/fr27dubZz5MQAsdRRDWCbRnebGUd8vMzpKfjV8H3yQQUADUsK/0+PHHHymYFgr/NR58Sc35P3ylBwAA5A8IKAAAaAIBBQAATSCgAACgCQQUAAA0gYACAIAmEFAAANAEAgoAAJpAQAEAQBMIKAAAaAIBBQAATSCgAACgCQQUAAA0gYACAIAmZD0AAAAtSCkAAAAtIKAAAKAJ3sIDAIAm+CUSAABoAgEFAABNIKAAAKAJBBQAADSBgAIAgCYQUJAtS5c8u7Mydjj+1OCrTxRhORx/amdlbOmSZwudJ/AIAgEF2bKzMtZX/dvqlc9VFCXVK5/bX/3bHZWxQucJPIJAQEG2HI0/VbWyvNA6GcTLzz93JP5UofMEHkEgoCBbBl99otAKGc7gq08UOk/gEQQCCrIFAgpmLRBQkC0QUDBrgYCCbIGAglkLBBRkCwQUzFogoCBbMhLQFcnuv3B0J1fkTzR5IKAgH0BAQbZEF1BLPbuTrJpI9UNAwYwGAgqyJWMB7U8lVri6uUI8lPanEhUVFbbSrqioqFiRSPXbsivY2kIMAQWFAgIKsiUDAbW0kH8Hv0Lq7U8l5Mv+VMJSWqawtqhGPcBCQEE+gICCbNH4JZKrpN1JSVX7U4kVFdYhtD+VSHbbh02PnSOmEFBQKCCgIFuiC2gi1e9InnOcdM6S/LGzQny3br2XFz9CzQgIKMgHEFCQLRkJqHx+9B5AHQF1OrjPTLV/iQ8BBfkAAgqyBX8HCmYtEFCQLRBQMGuBgIJsgYCCWQsEFGQLBBTMWiCgIFuOxp986fmi/g+Vq1aWH40/Weg8gUcQCCjIFvaVHkWroS89X46v9AB5AgIKsoV9qdyxxJMF//44ZTmWeBJfKgfyBAQUAAA0gYACAIAmEFAAANAEAgoAAJpAQAEAQJP/Byr7RLBg9DE/AAAAAElFTkSuQmCC)
Ne vous déloguez pas, ainsi vous gardez le ticket de session le temps de valider que votre infrastructure est fonctionnel.
Modification d’Apache
On va s’appuyer sur un module qui s’appel : auth_kerb. Pour l’installer sur CentOS il suffi de simplement faire :
yum install mod_auth_kerb.x86_64
Il ne reste plus qu’à modifier apache pour prendre en compte la nouvelle méthode authentification
On modifie le virtualhost de Zabbix pour intégrer les lignes en gras :
<VirtualHost *:80>
...
<Directory /usr/share/zabbix/>
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbServiceName HTTP
KrbAuthRealms DOMAIN.LOCAL
Krb5KeyTab /etc/httpd/zabbix.keytab
KrbSaveCredentials on
KrbConstrainedDelegation on
Require valid-user
</Directory>
...
</VirtualHost>
puis on redémarre apache
service httpd restart
A ce stade vous en mesure de vous authentifier sur Zabbix via Kerberos
Si maintenant vous voulez filtrer par groupe d’utilisateurs, le module Kerberos n’est pas en mesure de le faire en l’état, il faut passer par le module LDAP de apache qui va vérifier l’appartenance du compte au groupe avant de valider l’accès.
Je ne l’ai pas encore fait, mais cela ne serai tarder, j’updaterai ce billet en fonction.