[Freeipa-users] Kerberos authentication + LDAP authorization with apache
Rob Visser
visser.rob at gmail.com
Wed Jul 29 14:18:27 UTC 2009
Hello,
I would like achieve authorization on a kerberised web-page.
My idea is to use an LDAP query for group membership, i.e. the uid should be
a member of a certain group in order to serve out pages.
Authentication with Kerberos gssapi works well.
I do not know how to achieve the authorization.
This is what I tried:
<Directory "/usr/share/ipa/ipatest">
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate on
KrbMethodK5Passwd off
KrbServiceName HTTP
KrbAuthRealms USN.TIC
Krb5KeyTab /etc/httpd/conf/ipa.keytab
KrbSaveCredentials on
AuthzLDAPAuthoritative on
AuthLDAPUrl ldap://localhost/cn=users,cn=accounts,dc=usn,dc=tic?uid
Require ldap-group cn=ipausers,cn=groups,cn=accounts,dc=usn,dc=tic
Require valid-user
Satisfy all
</Directory>
Any help is appreciated.
Rob Visser
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20090729/fdda161d/attachment.htm>
More information about the Freeipa-users
mailing list