[33195] in Kerberos
Re: Kerberos cross-realm with AD
daemon@ATHENA.MIT.EDU (Jean-Yves Avenard)
Tue Feb 8 06:04:23 2011
In-Reply-To: <20110208100234.GB2845@talktalkplc.com>
Date: Tue, 8 Feb 2011 22:04:14 +1100
Message-ID: <AANLkTim4Huuy6izh6MU4xkyx24PGRaL3z1qRpoEOEug_@mail.gmail.com>
From: Jean-Yves Avenard <jyavenard@gmail.com>
To: Brian Candler <B.Candler@pobox.com>
Cc: kerberos@mit.edu, "Douglas E. Engert" <deengert@anl.gov>
Hi
On 8 February 2011 21:02, Brian Candler <B.Candler@pobox.com> wrote:
> You have a solution for mapping kerberos identity to system username via
> ldap? If so I'd be very interested to see it.
Yes, for Apache.
I patched mod_authz_ldap a while ago in order to first
simulate what Apple did with their Open Directory and multiple aliases
per account.
I then patched mod_auth_kerberos so it could be used for Kerberos
authentication and, if that is not working, default to the basic authtype.
So ultimately, mod_auth_kerb provides the authentication side of
things and mod_auth_ldap provides the authorisation side.
I can provide you with the various mods if you want.
JY