
I am trying to configure NTLM authentication for an internal site running on Apache/Ubuntu Jammy. I was able to implement LDAP authentication. Still, I want to make the login/auth process smooth, as the user is already logged into their work computer using their domain credentials.

I tried installing the Apache module via apt based on some older documentation I found via Google, but the packages are no longer available.

    sudo apt install libapache2-mod-auth-ntlm
    E: Unable to locate package libapache2-mod-auth-ntlm

Could you please suggest how I can implement NTLM authentication for my Apache proxy server, which is running on Debian-based Linux (Ubuntu)?

Greg Askew
NaniK

1 Answer


Since 2010, Microsoft no longer recommends NTLM in applications.

NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms ([RFC1321]) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in [RFC1320] and [FIPS46-2]. Therefore, applications are generally advised not to use NTLM.<81>

Microsoft Kerberos authentication should be used instead.

Although libapache2-mod-auth-kerb exists for Jammy, it has already been removed from Debian 11. Therefore, I would use libapache2-mod-auth-gssapi instead for future implementations.

  1. sudo apt install libapache2-mod-auth-gssapi

  2. Configure Apache, e.g.,

    <Location /private>
        AuthType GSSAPI
        AuthName "GSSAPI Single Sign On Login"
        GssapiCredStore keytab:/etc/httpd.keytab
        Require valid-user
    </Location>
    
Esa Jokinen
  • Thank you for the suggestion, @esa-jokinen. Is there any step-by-step guide that I can follow to implement this? I am very new to this implementation and want to understand how to configure the keytab file and what it actually contains. (Also, do I need to coordinate with the Active Directory team to provision anything for me so my Ubuntu server can work for this integration?) – NaniK Aug 02 '23 at 20:39
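
Added example (not part of the answer or comment above, and not code from mod_auth_gssapi): a keytab such as the file `GssapiCredStore` points at holds one record per key of a service principal, each with the principal name, key version number (kvno), encryption type and key bytes. The Python sketch below reads the MIT keytab format 0x0502 and flags DES/RC4 keys or a missing `HTTP/` principal. Assumptions: the web service is registered under an `HTTP/` principal, `parse_keytab` and `audit` are illustrative names, and the realm, host name and all-zero keys in `SAMPLE` are constructed.

```python
import struct

WEAK = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}  # legacy enctypes

def _counted(buf, off):  # one string prefixed by a 16-bit big-endian length
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def parse_keytab(blob):
    """Return [(principal, kvno, enctype)]; key bytes are never returned."""
    if blob[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(blob):
        size = struct.unpack_from(">i", blob, pos)[0]
        rec, pos = blob[pos + 4:pos + 4 + abs(size)], pos + 4 + abs(size)
        if size <= 0:                      # hole left by a deleted entry
            continue
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        realm, off = _counted(rec, 2)
        comps = []
        for _ in range(ncomp):
            comp, off = _counted(rec, off)
            comps.append(comp)
        # Skip name type and timestamp (4 bytes each), then read the key header.
        kvno, enctype, keylen = struct.unpack_from(">BHH", rec, off + 8)
        off += 13 + keylen
        if len(rec) - off >= 4:            # optional 32-bit kvno wins if set
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm, kvno, enctype))
    return entries

def audit(entries, service="HTTP"):  # service prefix is an assumption
    found = [f"{p} kvno {k}: weak enctype {WEAK[e]}"
             for p, k, e in entries if e in WEAK]
    if not any(p.startswith(service + "/") for p, _, _ in entries):
        found.append(f"no {service}/ service principal in keytab")
    return found

def _entry(realm, comps, kvno, enctype, key):  # builds constructed test data
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm) + b"".join(map(s, comps))
    body += struct.pack(">IIBHH", 1, 0, kvno, enctype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample: placeholder realm and host, all-zero keys.
NAME = [b"HTTP", b"intranet.example.test"]
SAMPLE = (b"\x05\x02" + _entry(b"EXAMPLE.TEST", NAME, 3, 18, bytes(32))
          + _entry(b"EXAMPLE.TEST", NAME, 3, 23, bytes(16)))
```

To check a real file, pass its bytes to `parse_keytab` and the result to `audit`; the keytab itself should be readable only by the account Apache runs as.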