In my last post, I discussed a way to use SSSD to authenticate MySQL logins against Active Directory.  I thought I would expand on that by seeing if I could configure Apache to secure a section of a website by only allowing an active directory user access via SSSD.  It turns out that too wasn't all that difficult. So let's get going!

As you may have surmised by now, I am a big fan of SSSD.  One recent addition to this utility was the ability to control SSH access via an active directory group policy.  Yes, you read that right.  You can control SSH access by the placement of the system's computer account within active directory which can then determine what group policies are applied.  In the heterogeneous environments that most of us work in, this just might make your life a bit easier AND impress your Windows admin friends!

Someone recently asked me if it was possible to log into MySQL running on Linux using an active directory account.  "Interesting idea", I thought to myself so I set out to see if I could make it work.  Turns out it wasn't all that hard to do.  Time for the usual disclaimer.  I have only tested this in my home lab but I know of no reason why this wouldn't work for you.  With that said, let's dig in!