integrating ldap & krb5 for Apache auth -- which comes first?

pgnet trash pgnet.trash at
Thu Aug 21 16:55:54 EDT 2008

i'm integrating apache + kerberos5 + openldap, with the goal of using
kerberos credentials to authenticate web app access.

krb5 & openldap are both up-n-running standalone, as is apache.

for apache auth, i've read through the OpenLdap & Krb5 SysAdm guides and,
iiuc, i can either

 (a) use mod_auth_ldap for auth, with ldap pointed at a krb5 keytab
containing authorized principals' credentials,


 (b) use mod_auth_krb5 for auth, with ldap setup as krb5's backend db, e.g.,
dbmodule:db_library = kldap

if, in fact, both are options, which usage is recommended?

More information about the Kerberos mailing list