On Tue, Apr 7, 2009 at 5:50 PM, Dax Kelson <[email protected]> wrote: > On Mon, 2009-04-06 at 11:47 -0700, kerbie_newbie wrote: > >> As far as I can tell, when using mod_auth_kerb and selecting kerberos as the >> authtype it is pretty much Kerberos or nothing ... is this correct? I can >> see no way to intercept the failure. > > This not correct. What you want are these two directives: > > KrbMethodNegotiate On > KrbMethodK5Passwd On
If I remember right, there is a directive called something like authoritative. I did never use it but it is used to pass authentication to other modules (again, if I remember well). That is exactly what you need so instead of enabling password authentication, you need to stack the ldap authentication also, and let proceed if negotiate fails. Anyway, take into account that both fallbacks require a secure server, which is not the case for credential based authentication. Javier Palacios ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
