[30971] in Kerberos
Re: Linux/Apache - combine mod_auth_kerb and ldap - to be or not
daemon@ATHENA.MIT.EDU (Christopher D. Clausen)
Tue Apr 7 20:04:40 2009
Message-ID: <498566843A7B4F1E9F5674B926D88BFD@CDCHOME>
From: "Christopher D. Clausen" <cclausen@acm.org>
To: "kerbie_newbie" <zarafield@sky.com>
Date: Tue, 7 Apr 2009 19:00:23 -0500
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
kerbie_newbie <zarafield@sky.com> wrote:
> At least in Apache 2.0, it is extremely difficult in Apache to get two
> authentication modules to co-exist; Apache by and large considers any
> particular portion of the URL space to be protected by only one
> authentication scheme (possibly combined with IP address
> restrictions). This is partly a limitation of Apache (particularly
> the configuration syntax) and partly related to difficulties in the
> HTTP protocol (you can't easily negotiate and attempt multiple
> authentication protocols in turn).
from:
http://modauthkerb.sourceforge.net/configure.html
KrbAuthoritative off
will allow you to pass to authn/authz to another module.
I've used a module that verifies against OpenAFS PTS groups and I assume
LDAP works the same way.
<<CDC
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
