On Tue, Feb 08, 2011 at 10:04:14PM +1100, Jean-Yves Avenard wrote:
> On 8 February 2011 21:02, Brian Candler <[email protected]> wrote:
> > You have a solution for mapping kerberos identity to system username via
> > ldap? If so I'd be very interested to see it.
>
> Yes, for apache..
Oh I see. Yes, mod_authnz_ldap (apache 2.2) should do the trick; the only
problem I found with it was that I couldn't use kerberos to
authenticate/encrypt the webserver-to-LDAP communication. I never got round
to patching that.
> I then patched mod_auth_kerberos so it could be used for both kerberos
> authentication and if not working default to basic authtype
apache 2.2 has that already:
KrbMethodK5Passwd On
will fallback to basic auth, and then check the username/password against
the KDC.
Were your mods for Apache <=2.0 ?
Regards,
Brian.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
