I've done the kerberos part with several Apache Web servers with success. I've 
not done the fallback to ldap basic auth.  

Set KrbServiceName to Any in httpd.conf and put a HTTP service kerberos keytab 
from AD and one from IPA in the same keytab file. Reference this keytab file in 


KodaK <sako...@gmail.com> wrote:

>Another off the wall one from me, but I just want to know if this is
>I have a series of internal web applications that authenticate
>variously to
>AD or IPA via prompted credentials.
>I'd like to use Kerberos tickets (and fall back to LDAP) instead.
>I have an IPA connected apache server that most of this stuff runs on.
>Is it possible to use both?
>I'm going to try following this example to get my feet wet:
>but that's just talking about mutilple AD realms.  I'd like to know if
>there was any special considerations for IPA
>Thanks again,
>The government is going to read our mail anyway, might as well make it
>tough for them.  GPG Public key ID:  B6A1A7C6
>Freeipa-users mailing list

Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Freeipa-users mailing list

Reply via email to