John Szakmeister wrote:
>On Monday 08 August 2005 20:39, Samay wrote:
>[snip]
>
>
>>actually REALM is important if
>>a) one is authenticating agaisnt multiple AD domains. One need to know
>>user@REALM1 is different from user@REALM2.
>>b) specific to AD, user@REALM is the real user ID on AD, hence makes it
>>easy to implement access control on Apache, etc.
>>c) if AD is configured properly, then user@REALM also is the email address.
>>
>>
>
>But you also lose out on groups with mod_auth_kerb. Kerberos has no concept
>of groups. :-(
>
>
Ah, but groups are an authorization concept, not an authentication
concept. I've got a setup that uses mod_auth_kerb for authentication,
and an ordinary mod_auth group file for group access control. With AD,
you can also use ldap for the group filter.
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 9 12:31:35 2005