On Tuesday 09 August 2005 06:28, Branko Čibej wrote:
> John Szakmeister wrote:
> >On Monday 08 August 2005 20:39, Samay wrote:
> >[snip]
> >
> >>actually REALM is important if
> >>a) one is authenticating agaisnt multiple AD domains. One need to know
> >>user@REALM1 is different from user@REALM2.
> >>b) specific to AD, user@REALM is the real user ID on AD, hence makes it
> >>easy to implement access control on Apache, etc.
> >>c) if AD is configured properly, then user@REALM also is the email
> >> address.
> >
> >But you also lose out on groups with mod_auth_kerb. Kerberos has no
> > concept of groups. :-(
>
> Ah, but groups are an authorization concept, not an authentication
> concept. I've got a setup that uses mod_auth_kerb for authentication,
> and an ordinary mod_auth group file for group access control. With AD,
> you can also use ldap for the group filter.
Yeah, I know. :-) You were able to get mod_auth_kerb to run with something
else? My attempts were unsuccessful (w/Apache 2.0.46, when I tried it). To
be specific I was trying to use mod_auth_kerb for authentication, and looking
for a way to use mod_auth_ldap to help with the group part, but I had no such
luck. I could never get the two to play well together.
-John
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 9 12:44:54 2005