httpd-modules-dev mailing list archives

From "César Leonardo Blum Silveira" <>
Subject Re: Kerberos/LDAP/Active Directory
Date Mon, 18 Aug 2008 13:52:03 GMT
On Thu, Aug 14, 2008 at 2:02 PM, Dan White <> wrote:
> John Hosie wrote:
>> Is there any module for Apache that will help in performing
>> authentication/authorization on web services using an Active Directory
>> "registry"? In our environment, when a user logs into their Windows
>> workstation through Active Directory, I understand they are given a Kerberos
>> ticket. I understand that there is a way for this ticket to be passed
>> (through client application code, sent with a URL) to the Apache server
>> module that is providing the service used by the user. I understand that
>> there should be a way to use that ticket to 1) ensure that the user is who
>> they say they are; 2) check to see if the user is in the group (arbitrary)
>> that is allowed to come to this application. I've also been told that using
>> LDAP to go to Active Directory is the right way to do the server side (Linux
>> based) functions, while the Windows environment has their own way to put the
>> client side together.
>>  Is there an example of how to do this somewhere in C code?
>>  What packages need to be installed on the server?
> mod_auth_kerb will let you authenticate an Active Directory user, assuming
> you have everything set up correctly (warning, it's a fairly steep learning
> curve).

There's also mod_spnego
(, which
works on Unix and Windows.

> I don't know how to test for group membership with that module, but you
> might be able to additionally use mod_authnz_ldap (require-group) to
> accomplish that.
> - Dan

César L. B. Silveira
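
An example configuration for the combination suggested in this thread, added here and not written by any of the posters: mod_auth_kerb authenticates the Kerberos ticket and mod_authnz_ldap checks group membership in Active Directory. The realm, host name, DNs, keytab path and bind account are placeholders; it assumes an Apache build whose mod_authnz_ldap will authorize a user authenticated by another module, and that each user's userPrincipalName equals user@REALM.

```apache
# Added example. EXAMPLE.COM, dc.example.com, the DNs and the keytab path
# are placeholders, not values from the thread.
<Location "/app">
    # Authentication: mod_auth_kerb validates the client's Kerberos ticket.
    AuthType Kerberos
    AuthName "Kerberos login"
    KrbAuthRealms EXAMPLE.COM
    KrbServiceName HTTP
    # Keytab holding the HTTP/<server fqdn> service key; keep it readable
    # only by the account Apache runs as.
    Krb5Keytab /etc/httpd/conf/http.keytab
    KrbMethodNegotiate On
    # No fallback to password prompts over Basic auth, so user passwords
    # are never sent to the web server.
    KrbMethodK5Passwd Off

    # Authorization: mod_authnz_ldap looks the authenticated user up in AD.
    # mod_auth_kerb sets the user name to user@REALM, so the search
    # attribute is userPrincipalName (assumed to match, see above).
    # ldaps:// keeps the bind password and lookups encrypted in transit.
    AuthLDAPURL "ldaps://dc.example.com/dc=example,dc=com?userPrincipalName?sub?(objectClass=user)"
    # Dedicated bind account that can only read the directory.
    AuthLDAPBindDN "cn=apache-bind,ou=Service Accounts,dc=example,dc=com"
    AuthLDAPBindPassword "CHANGE-ME"

    # Only members of this group are admitted.
    Require ldap-group cn=AppUsers,ou=Groups,dc=example,dc=com
</Location>
```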
