[30963] in Kerberos
Re: Linux/Apache - combine mod_auth_kerb and ldap - to be or not
daemon@ATHENA.MIT.EDU (Dax Kelson)
Tue Apr 7 11:51:17 2009
From: Dax Kelson <dkelson@gurulabs.com>
To: kerbie_newbie <zarafield@sky.com>
In-Reply-To: <22914739.post@talk.nabble.com>
Date: Tue, 07 Apr 2009 09:50:26 -0600
Message-Id: <1239119426.5453.8.camel@mentor.gurulabs.com>
Mime-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Mon, 2009-04-06 at 11:47 -0700, kerbie_newbie wrote:
> As far as I can tell, when using mod_auth_kerb and selecting kerberos as the
> authtype it is pretty much Kerberos or nothing ... is this correct? I can
> see no way to intercept the failure.
This not correct. What you want are these two directives:
KrbMethodNegotiate On
KrbMethodK5Passwd On
The second directive gives you fallback to interactive password
prompting if the user doesn't have a valid TGT.
Dax Kelson
Guru Labs
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
