Hello, I would like achieve authorization on a kerberised web-page. My idea is to use an LDAP query for group membership, i.e. the uid should be a member of a certain group in order to serve out pages.
Authentication with Kerberos gssapi works well. I do not know how to achieve the authorization. This is what I tried: <Directory "/usr/share/ipa/ipatest"> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on KrbMethodK5Passwd off KrbServiceName HTTP KrbAuthRealms USN.TIC Krb5KeyTab /etc/httpd/conf/ipa.keytab KrbSaveCredentials on AuthzLDAPAuthoritative on AuthLDAPUrl ldap://localhost/cn=users,cn=accounts,dc=usn,dc=tic?uid Require ldap-group cn=ipausers,cn=groups,cn=accounts,dc=usn,dc=tic Require valid-user Satisfy all </Directory> Any help is appreciated. Rob Visser
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users