[33198] in Kerberos


Re: Kerberos cross-realm with AD

daemon@ATHENA.MIT.EDU (Brian Candler)
Tue Feb 8 08:17:48 2011

Date: Tue, 8 Feb 2011 13:17:34 +0000
From: Brian Candler <B.Candler@pobox.com>
To: Jean-Yves Avenard <jyavenard@gmail.com>
Message-ID: <20110208131734.GA6411@talktalkplc.com>
In-Reply-To: <AANLkTim1rM8e+jS77CTt7XGdKDHSWbjstVVux2P=JNXU@mail.gmail.com>
Cc: kerberos@mit.edu, "Douglas E. Engert" <deengert@anl.gov>

On Tue, Feb 08, 2011 at 11:34:55PM +1100, Jean-Yves Avenard wrote:
> On 8 February 2011 22:17, Brian Candler <B.Candler@pobox.com> wrote:
> 
> >    KrbMethodK5Passwd On
> >
> > will fall back to basic auth, and then check the username/password against
> > the KDC.
> 
> Not quite.
> 
> It does fall back to basic; but not to the basic provided by
> mod_authz_ldap or any other authz_xxx for that matter;

Ah, I hadn't tried that, and thank you for your explanation. Sounds like
"KrbAuthoritative off" was intended to work the way you describe, but
doesn't in practice.

> My mods are for apache 2.2

Worth submitting upstream?

Regards,

Brian.

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

