Modifying standard Apache directives for NTLM

In general, Centrify for Apache directives work seamlessly with the standard Apache directives which you use to control the configuration and operation of the Apache server. In some versions of Apache, however, the default setting for the KeepAlive directive is Off. This directive setting prevents NTLM authentication. For example, the default version of the Apache server installed with Red Hat Enterprise Linux is configured with the KeepAlive Off directive and, therefore, does not allow NTLM authentication by default. To allow NTLM authentication, you need to modify the main Apache configuration file (httpd.conf or apache2.conf) or the local .htaccess file to change this setting.

To allow NTLM authentication in this case:

  1. Open the httpd.conf (or apache2.conf) file or .htaccess in a text editor.
  2. Locate the KeepAlive directive and check its current setting. For example:

    KeepAlive Off
  3. Change the KeepAlive Off directive to KeepAlive On, if necessary. For example:

    KeepAlive On

In addition to this change, you may want to modify Apache KeepAliveTimeout directive in the httpd.conf (or apache2.conf) file. The KeepAliveTimeout directive controls how long a connection can remain open without any browser interaction. With NTLM authentication, once a connection is established, the user does not need to be re-authenticated as long as the connection remains open. If you are using Firefox with NTLM authentication, you need to set the value for the KeepAliveTimeout directive to allow enough time for the user to type both his NTLM user name and password.