Thu, Oct 02, 2008 at 03:41:34PM +0200, Rudolf.Lippert_at_Proleit.de napsal(a):
> I have noticed the mod_auth_kerb module, but I haven't been able to figure
> out what I need to do to make it work. It seem much more complicated than
> winbind. Still, if one works and the other doesn't, I'll go for kerb.
> Could you explain how you got SSO working?
I don't think so. Here you're steps:
1) create account for machine in AD and export host keytab
HTTP/<FQDN> of apache host - IP where apache is listening on
(forward "A" and reverse "PTR" DNS entry have to match)
2) put the keytab with enough secure permissions to apache host
apache process has to have rights to read this keytab
3) configure mod_auth_kerb this way:
LoadModule auth_kerb_module modules/mod_auth_kerb.so
AuthName "Whatever you want"
KrbAuthRealms <your REALM = AD domain name>
KrbServiceName HTTP/<FQDN of apache host>@<domain>
# this should provide some speed up
That's all. Do you still think it's hard to setup? ;o)
> Dekuji moc,
> Ludek Finstrle <ludek.finstrle_at_pzkagis.cz> schrieb am 02.10.2008 15:26:55:
> > Wed, Oct 01, 2008 at 10:35:43AM +0200, Rudolf.Lippert_at_Proleit.de
> > > I have a problem with at least two edges here:
> > > First:: mod_auth_ntlm_winbind does not support NTLM over HTTPS, while
> > > TortoiseSVN does not support NTLM without HTTPS. At least, this is my
> > > understanding so far.
> > Hello,
> > another point of view. Isn't mod_auth_kerb enough for you? Do you
> > really need ntlm auth? I've working SSO using windows AD as kerberos
> > server and a lot of win clients using it without typing their passwords.
> > I'm sorry I have no ntlm configuration at all.
> > Regards,
> > Luf
To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
Received on 2008-10-02 16:20:14 CEST