Anyone has an apache running with mod_auth_kerb AND mod_auth_ldap?
Russ Allbery
rra at stanford.edu
Thu Oct 5 13:13:53 EDT 2006
Michael B Allen <mba2000 at ioplex.com> writes:
> "Djihangiroff, Matthias (KC-DD)" <Matthias.Djihangiroff at persona.de> wrote:
>> Anyone out there whos running an Apache with mod_auth_kerb and
>> mod_auth_ldap?
>> Im running an Apache with mod_auth_kerb perfectly.
>> But we have users, which arent in our Windows AD, so they cant load the
>> websites protected through mod_auth_kerb.
>> Is it possible to fall back to mod_auth_ldap, so they can manualy type
>> in their login? (The Apache than check the user against the LDAP).
> I don't know the answer to this (my understanding is that trying to
> stack mod_auth_* modules together is not practical) but I just want to
> point out that you can use krb5_get_init_creds_password to do Basic so
> there's no reason to use LDAP at all. In fact using LDAP as a make-shift
> authentication service is crude and insecure. Wether or not mod_auth_kerb
> can do it I have no idea.
mod_auth_kerb can (via BasicAuth), but you need to have the passwords in
some Kerberos database. It doesn't help if they're only in LDAP.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list