[30987] in Kerberos
Re: Linux/Apache - combine mod_auth_kerb and ldap - to be or not to
daemon@ATHENA.MIT.EDU (S2)
Wed Apr 8 17:46:08 2009
From: S2 <some.r@ndom.mail.invalid.net>
MIME-Version: 1.0
Date: 08 Apr 2009 16:12:51 GMT
Message-ID: <49dccd03$0$17431$4fafbaef@reader5.news.tin.it>
X-Complaints-To: Please send abuse reports to abuse@retail.telecomitalia.it
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Mon, 06 Apr 2009 11:47:59 -0700, kerbie_newbie wrote:
> As far as I can tell, when using mod_auth_kerb and selecting kerberos as
> the authtype it is pretty much Kerberos or nothing ... is this correct?
not really. mod_auth_kerb falls back to basic authentication and asks the
user for his AD u/p combo and requests a tgt on behalf of the user.
if this is enough you are all set. if you want to use mod_auth_kerb AND
mod_auth_ldap, you can use (from [1]):
----------
KrbAuthoritative on | off
(set to on by default)
If set to off this directive allow authentication controls to be pass on
to another modules. Use only if you really know what you are doing.
----------
[1]http://modauthkerb.sourceforge.net/configure.html
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
