Kerberos cross-realm with AD
Russ Allbery
rra at stanford.edu
Tue Feb 8 12:49:36 EST 2011
Brian Candler <B.Candler at pobox.com> writes:
> On Tue, Feb 08, 2011 at 11:34:55PM +1100, Jean-Yves Avenard wrote:
>> It does fall back to basic ; but not to the basic provided by
>> mod_authz_ldap or any other authz_xxx for that matter;
> Ah, I hadn't tried that, and thank you for your explanation. Sounds like
> "KrbAuthoritative off" was intended to work the way you describe, but
> doesn't in practice.
It's very difficult to get Apache auth modules to stack in any sort of
useful fashion. It doesn't help that Apache server hooks are almost
completely undocumented.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list