[33200] in Kerberos
Re: Kerberos cross-realm with AD
daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Feb 8 12:49:47 2011
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <20110208131734.GA6411@talktalkplc.com> (Brian Candler's message
of "Tue, 8 Feb 2011 13:17:34 +0000")
Date: Tue, 08 Feb 2011 09:49:36 -0800
Message-ID: <87sjvy76xb.fsf@windlord.stanford.edu>
Brian Candler <B.Candler@pobox.com> writes:
> On Tue, Feb 08, 2011 at 11:34:55PM +1100, Jean-Yves Avenard wrote:
>> It does fall back to basic; but not to the basic provided by
>> mod_authz_ldap or any other authz_xxx for that matter;
> Ah, I hadn't tried that, and thank you for your explanation. Sounds like
> "KrbAuthoritative off" was intended to work the way you describe, but
> doesn't in practice.

It's very difficult to get Apache auth modules to stack in any sort of
useful fashion. It doesn't help that Apache server hooks are almost
completely undocumented.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos