Kerberos cross-realm with AD
Jean-Yves Avenard
jyavenard at gmail.com
Tue Feb 8 06:04:14 EST 2011
Hi
On 8 February 2011 21:02, Brian Candler <B.Candler at pobox.com> wrote:
> You have a solution for mapping kerberos identity to system username via
> ldap? If so I'd be very interested to see it.
Yes, for apache..
I have patched the mod_authz_ldap a while ago in order to first
simulate what apple did with their Open Directory and multiple-aliases
per account.
I then patched mod_auth_kerberos so it could be used for both kerberos
authentication and if not working default to basic authtype
So ultimately, mod_auth_kerb provides the authentication side of
things and mod_auth_ldap provides the authorisation side.
I can provide you with the various mods if you want.
JY
More information about the Kerberos
mailing list