Kerberos cross-realm with AD

Jean-Yves Avenard jyavenard at gmail.com
Tue Feb 8 06:04:14 EST 2011


Hi

On 8 February 2011 21:02, Brian Candler <B.Candler at pobox.com> wrote:
> You have a solution for mapping kerberos identity to system username via
> ldap? If so I'd be very interested to see it.

Yes, for apache..

I have patched the mod_authz_ldap a while ago in order to first
simulate what apple did with their Open Directory and multiple-aliases
per account.
I then patched mod_auth_kerberos so it could be used for both kerberos
authentication and if not working default to basic authtype

So ultimately, mod_auth_kerb provides the authentication side of
things and mod_auth_ldap provides the authorisation side.

I can provide you with the various mods if you want.

JY



More information about the Kerberos mailing list