[33199] in Kerberos
Re: Kerberos cross-realm with AD
daemon@ATHENA.MIT.EDU (Jean-Yves Avenard)
Tue Feb 8 09:07:11 2011
MIME-Version: 1.0
In-Reply-To: <20110208131734.GA6411@talktalkplc.com>
Date: Wed, 9 Feb 2011 01:07:04 +1100
Message-ID: <AANLkTinq1Z70=8+isF85=439riZbWe7cNLXPGjcuqg7a@mail.gmail.com>
From: Jean-Yves Avenard <jyavenard@gmail.com>
To: Brian Candler <B.Candler@pobox.com>
Cc: kerberos@mit.edu, "Douglas E. Engert" <deengert@anl.gov>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi
On 9 February 2011 00:17, Brian Candler <B.Candler@pobox.com> wrote:
> Ah, I hadn't tried that, and thank you for your explanation. Sounds like
> "KrbAuthoritative off" was intended to work the way you describe, but
> doesn't in practice.
Yeah it took me a while to understand why it didn't work as expected,
and the flow of apache with auth module is puzzling ; you can't do
fall-back either, like say starting with digest and if it fails go
back to basic.
> Worth submitting upstream?
I did...
both the mod_auth_kerb and the apache mod_authz_ldap (ticket 42561,
it's an extension of an existing ticket)
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
