[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Apache: How to combine kerberos with ldap?



On Mon, 30 Jul 2007 16:52:47 +0300
"Hai Zaar" <haizaar@gmail.com> wrote:

> On 7/30/07, John Nietzsche <john.nietzsche@gmail.com> wrote:
> > I am interested about this matter too.
> > Would you mind sending me the answers you get?
> +1
> Thanks in advance.
> >
> > Thanks a lot for your time and cooperation.
> >
> > Best regards.
> >
> > On 7/30/07, Florian Erfurth <floh-erfurth@arcor.de> wrote:
> > > Hi, I want to configure apache webserver so it tries to authentificate with
> > > kerberos (AuthType Kerberos) first. If it fails, then it should do a
> > > LDAP-authentification (AuthType Basic).
> > > How can I do that? Is there any documentation about that?
> > > I'm using apache 2.0.59.

Well this question doesn't really have much to do with Kerberos but if
you really want to know I can tell you what we do in our product.

When the HTTP SSO code is invoked it sends the WWW-Authenticate: Negotiate
response but with a body tag that has an onLoad() handler that redirects
the user to a login page. If the browser can do Kerberos it will and
the onLoad() handler is never executed. If it can't do Kerberos it runs
onLoad and the user is directed to a login page.

Unfortunately I think you would have to modify mod_auth_kerb to send an
onLoad handler to get such a thing to work (although I don't really know
much about mod_auth_kerb, I could very well be wrong about this).

Mike

-- 
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/