On Thursday 03 Mar 2011 08:07:22 john s. wrote: > I have on more Question in Relation to Authentification with Kerberos > > I would like to use an windows 2008 server with AD, and an Web Application > ( RT) on a linux sever with Apache and Kerberos Module system. > > And the Kerberos Stuff is handeld by the Win2008 AD... > > So .. so far so good. But it is possible to make an Authentification with > the AD Login Names from the Whole Network, not only the Kerberos Login > Account? > > For Example if i go through an log file i would like to see that a certain > user from the network has logged in on the apache server and not only the > kerberos account should be appeard in the log file. > > is this possible??
Not sure what you're asking. The Kerberos user account *is* the Active Directory user account. If you log in to the AD domain "ad.example.com" as user "johns", then when you connect to a properly-configured Apache server it will authenticate you as the Kerberos principal "[email protected]". This string "[email protected]" is what will show up as the "remote user" in Apache logs (assuming that your LogFormat includes a "%u"). Michael
