httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Delle Grazie <brett.dellegra...@intact-is.com>
Subject Re: [users@httpd] mod_authnz_ldap with kerberos?
Date Wed, 20 Oct 2010 12:29:31 GMT
Hi,
On Wed, 2010-10-20 at 12:27 +0200, Assarsson, Emil wrote:
> Hi all,
> 
> I use mod_authnz_ldap today with simple ldap bind.
> Our security team wants me to use to use Kerberos instead to make it more secure.
> This will allow them to specify from where the service account can login and will also
protect the credentials from eavesdropping.
> 
> Is it possible to make mod_authnz_ldap to use a keytab instead? 
> Or do anyone have a suggestion how to solve this in a even better way?

mod_auth_kerb: http://modauthkerb.sourceforge.net/

Complex but does work, even with Active Directory.

> 
> Best regards
> 
> Emil Assarsson
> Sony Ericsson Mobile Communications AB
> 
> "The information in this email, and attachment(s) thereto, is strictly confidential and
may be legally privileged. It is intended solely for the named recipient(s), and access to
this e-mail, or any attachment(s) thereto, by anyone else is unauthorized. Violations hereof
may result in legal actions. Any attachment(s) to this e-mail has been checked for viruses,
but please rely on your own virus-checker and procedures. If you contact us by e-mail, we
will store your name and address to facilitate communications in the matter concerned. If
you do not consent to us storing your name and address for above stated purpose, please notify
the sender promptly. Also, if you are not the intended recipient please inform the sender
by replying to this transmission, and delete the e-mail, its attachment(s), and any copies
of it without, disclosing it."
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email 
> ______________________________________________________________________

-- 
Best Regards,

Brett Delle Grazie

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message