> John Szakmeister wrote:
>
>>On Monday 08 August 2005 20:39, Samay wrote:
>>[snip]
>>
>>>actually REALM is important if
>>>a) one is authenticating agaisnt multiple AD domains. One need to know
>>>user@REALM1 is different from user@REALM2.
>>>b) specific to AD, user@REALM is the real user ID on AD, hence makes it
>>>easy to implement access control on Apache, etc.
>>>c) if AD is configured properly, then user@REALM also is the email
>>>address.
>>>
>>
>>But you also lose out on groups with mod_auth_kerb. Kerberos has no
>>concept of groups. :-(
>>
> Ah, but groups are an authorization concept, not an authentication
> concept. I've got a setup that uses mod_auth_kerb for authentication, and
> an ordinary mod_auth group file for group access control. With AD, you can
> also use ldap for the group filter.
>
> -- Brane
mate, care to share any clues about mod_ldap w/ AD for authorisation bit!
thats the missing bit in my puzzle here ..
many thanks for your help!
cheers
SJ
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 9 12:50:42 2005