Anyone has an apache running with mod_auth_kerb AND mod_auth_ldap?

Russ Allbery rra at
Thu Oct 5 13:13:53 EDT 2006

Michael B Allen <mba2000 at> writes:
> "Djihangiroff, Matthias (KC-DD)" <Matthias.Djihangiroff at> wrote:

>> Anyone out there whos running an Apache with mod_auth_kerb and
>> mod_auth_ldap?
>> Im running an Apache with mod_auth_kerb perfectly.

>> But we have users, which arent in our Windows AD, so they cant load the
>> websites protected through mod_auth_kerb.
>> Is it possible to fall back to mod_auth_ldap, so they can manualy type
>> in their login? (The Apache than check the user against the LDAP).

> I don't know the answer to this (my understanding is that trying to
> stack mod_auth_* modules together is not practical) but I just want to
> point out that you can use krb5_get_init_creds_password to do Basic so
> there's no reason to use LDAP at all. In fact using LDAP as a make-shift
> authentication service is crude and insecure. Wether or not mod_auth_kerb
> can do it I have no idea.

mod_auth_kerb can (via BasicAuth), but you need to have the passwords in
some Kerberos database.  It doesn't help if they're only in LDAP.

Russ Allbery (rra at             <>

More information about the Kerberos mailing list