Kerberos cross-realm with AD
Brian Candler
B.Candler at pobox.com
Tue Feb 8 08:17:34 EST 2011
On Tue, Feb 08, 2011 at 11:34:55PM +1100, Jean-Yves Avenard wrote:
> On 8 February 2011 22:17, Brian Candler <B.Candler at pobox.com> wrote:
>
> > KrbMethodK5Passwd On
> >
> > will fallback to basic auth, and then check the username/password against
> > the KDC.
>
> Not quite.
>
> It does fall back to basic ; but not to the basic provided by
> mod_authz_ldap or any other authz_xxx for that matter;
Ah, I hadn't tried that, and thank you for your explanation. Sounds like
"KrbAuthoritative off" was intended to work the way you describe, but
doesn't in practice.
> My mods are for apache 2.2
Worth submitting upstream?
Regards,
Brian.
More information about the Kerberos
mailing list