httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Lingel" <gdw...@gmail.com>
Subject [users@httpd] Kerberos and local group authentication
Date Mon, 25 Sep 2006 16:57:14 GMT
I'v been able to set up Kerberos authentication to W2K AD but want to use
local groups, or a list of users, as well.  That is, I want users to enter
their Windows user name and password and then get access only if they are
listed in a local file on the apache server.  Has anyone been able to do
this?

Setup:

Solaris 8
Apache 2.0.59
krb-1.5.1
mod_auth_kerb 5.0

The httpd.conf entries below aren't my exact entries, but you get the idea.
I want any user listed in groupfile to be able to access the site.  I've
tried to use both user and group files.  Users work if specified with realm
name in the httpd.conf, i.e., require user user1@COMPANY.COM.  The error I
get in the Apache logs (set to debug) is:

configuration error:  couldn't check access.  No groups file?:
/directory/test.html

httpd.conf entries:

    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbMethodNegotiate off
    KrbMethodK5Passwd on
    KrbServiceName HTTP
    Krb5KeyTab /etc/krb5/krb5.keytab
    KrbAuthRealms COMPANY.COM <http://company.com/>
    KrbAuthoritative on
    KrbVerifyKDC off
    KrbSaveCredentials off
    #AuthUserFile groupfile
    AuthGroupFile groupfile
    Require group mygroup

Any help is appreciated.

Mime
View raw message