And if i use another name like martin from the database the kerberos prinicipal changes also martin@....
so it is possible to know which user from the AD is logged in or out into the application which is authentificated with kerberos. is that right? best regards john mcb30 wrote: > > On Thursday 03 Mar 2011 08:07:22 john s. wrote: >> I have on more Question in Relation to Authentification with Kerberos >> >> I would like to use an windows 2008 server with AD, and an Web >> Application >> ( RT) on a linux sever with Apache and Kerberos Module system. >> >> And the Kerberos Stuff is handeld by the Win2008 AD... >> >> So .. so far so good. But it is possible to make an Authentification >> with >> the AD Login Names from the Whole Network, not only the Kerberos Login >> Account? >> >> For Example if i go through an log file i would like to see that a >> certain >> user from the network has logged in on the apache server and not only the >> kerberos account should be appeard in the log file. >> >> is this possible?? > > Not sure what you're asking. The Kerberos user account *is* the Active > Directory user account. If you log in to the AD domain "ad.example.com" > as > user "johns", then when you connect to a properly-configured Apache server > it > will authenticate you as the Kerberos principal "[email protected]". > > This string "[email protected]" is what will show up as the "remote > user" > in Apache logs (assuming that your LogFormat includes a "%u"). > > Michael > > -- View this message in context: http://old.nabble.com/Comprehension-Question-about-LDAP-and-SSO-tp30995959p31058175.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
