Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 13353 invoked from network); 14 Dec 2007 02:44:34 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 Dec 2007 02:44:34 -0000 Received: (qmail 98480 invoked by uid 500); 14 Dec 2007 02:44:12 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 98470 invoked by uid 500); 14 Dec 2007 02:44:12 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 98459 invoked by uid 99); 14 Dec 2007 02:44:12 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Dec 2007 18:44:12 -0800 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of btricha@gmail.com designates 64.233.184.224 as permitted sender) Received: from [64.233.184.224] (HELO wr-out-0506.google.com) (64.233.184.224) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Dec 2007 02:43:51 +0000 Received: by wr-out-0506.google.com with SMTP id 37so689623wra.12 for ; Thu, 13 Dec 2007 18:43:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=hVo0+LozfSmDGqnl3KbreYq0kFRPlPqmUYXbN6dJ/SU=; b=wnOKEaoLQTHCzuLsvG8iQL3mJ1oKbXDO/+P3+Y/AcRVf/eUSck4c/Aah+WfCYGsHbUiK+4kJcgTEa7LFOaESG442sDW2gGVFQX0V6Lf8pC9Kr3Oui+U+6UTb7xOB9G3lhmyO5lX82Ylg1bmADft8fAHMNdnmCqapwD31fvdkqAA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=wEgQuaDgDChQq3QV3a0NoKhgfGL4ySFI9gx2iI6gpnXgz8QTXdmlxx9Go/BGN6dLIGh07VFoMULHL/GwXl4DxCOfRxasYZfKifpb5scpbaxYlmcCmMW9eqXL5591pWmNHHIoMc02ecSJrzMLaLD6fmreJOdBf3T7qF2PRO1fc94= Received: by 10.150.54.6 with SMTP id c6mr958860yba.77.1197600233762; Thu, 13 Dec 2007 18:43:53 -0800 (PST) Received: by 10.150.182.8 with HTTP; Thu, 13 Dec 2007 18:43:53 -0800 (PST) Message-ID: <3f81a4240712131843i4d17087eg360f28f218e64937@mail.gmail.com> Date: Thu, 13 Dec 2007 19:43:53 -0700 From: "Bryan Richardson" To: users@httpd.apache.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_12089_19001421.1197600233742" X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] Authentication via Kerberos ------=_Part_12089_19001421.1197600233742 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hello, I'm not new to Apache, but I am new to trying to set up authentication other than the basic type. I've been tasked to set up a Trac site for software projects within my organization at work, and I'm required to restrict access on a need-to-know basis. Our company uses Active Directory (of course), and I'm wanting to set up my web server such that users of the Trac sites can use their Kerberos password rather than using a different one stored locally on the web server. I'd like to still be able to specify what users are allowed access, but once I've granted access to a specific username (one that's in the Active Directory) I'd like the Kerberos password associated with the username to be the password used by Apache. Is this possible? I assume using Kerberos is possible, but is it possible to specify users allowed rather than allowing all users in the Active Directory access? Thanks in advance! -- BTR ------=_Part_12089_19001421.1197600233742 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hello,

I'm not new to Apache, but I am new to trying to set up authentication other than the basic type.  I've been tasked to set up a Trac site for software projects within my organization at work, and I'm required to restrict access on a need-to-know basis.  Our company uses Active Directory (of course), and I'm wanting to set up my web server such that users of the Trac sites can use their Kerberos password rather than using a different one stored locally on the web server.  I'd like to still be able to specify what users are allowed access, but once I've granted access to a specific username (one that's in the Active Directory) I'd like the Kerberos password associated with the username to be the password used by Apache.

Is this possible?  I assume using Kerberos is possible, but is it possible to specify users allowed rather than allowing all users in the Active Directory access?

Thanks in advance! -- BTR
------=_Part_12089_19001421.1197600233742--