httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Assarsson, Emil" <Emil.Assars...@sonyericsson.com>
Subject RE: [users@httpd] mod_authnz_ldap with kerberos?
Date Thu, 21 Oct 2010 06:51:06 GMT
>> I use mod_authnz_ldap today with simple ldap bind.
>> Our security team wants me to use to use Kerberos instead to make it more secure.
>> This will allow them to specify from where the service account can login and will
also protect the credentials from eavesdropping.
>> Is it possible to make mod_authnz_ldap to use a keytab instead? 
>> Or do anyone have a suggestion how to solve this in a even better way?
> mod_auth_kerb: http://modauthkerb.sourceforge.net/
> Complex but does work, even with Active Directory.

I am using mod_auth_kerb today to do the accual authentication. I only use mod_authnz_ldap
to do the authorization based on AD security groups.
What I need is better security for the ldap bind mod_authnz_ldap -> AD. Do you mean that
I should be able to use the kinit done by mod_auth_kerb?


Best regards,
Emil Assarsson 




Mime
View raw message