Centrify for Apache supports the following additional services for authentication and authorization. Each service provides specific features and has its own configuration requirements.
If a user is unable to access a page because of invalid credentials or an authorization failure, Centrify for Apache gives the browser a chance to supply alternate credentials. Although by default Centrify for Apache allows reprompting, you can configure it to disable prompting after a Kerberos validation failure, if needed.
Authentication establishes the identity of the client. Once this identity has been securely established, Centrify for Apache authorizes the client based on the client’s identity or group membership.
Centrify for Apache uses Apache configuration files to specify which users and groups have access to a Web page, Web directory, virtual Web site, or entire Web site. The users and groups specified in the configuration file consist of Active Directory users and groups that belong to a domain in the same forest as the domain to which the Web server system is joined.