Multiple Authentication Modules fail over

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi folks,
I would like to know if it is possible to use multiple authentication modules in a failover manner.
What I am trying to achieve is to use enforce this policy:
1. Kerberos password-less
2. LDAP authentication
3. Deny access

Note: I have managed to get each module working one by one, but I have failed to switch to the LDAP module when kerberos fails. According to other threads this is how it should be configured, but unfortunately it doesn't work:

        <Location /svn>
                AuthName "Kerberos Authentication"
                AuthType Kerberos
                KrbServiceName HTTP
                Krb5Keytab /etc/httpd/conf/http.keytab
                KrbAuthRealm EXAMPLE.COM
                KrbMethodNegotiate On
                KrbSaveCredentials Off
                KrbMethodK5Passwd Off
                KrbVerifyKDC on
                KrbAuthoritative off
                KrbDelegateBasic on
                AuthType Basic
                AuthBasicProvider ldap
                AuthLDAPURL ldap://ldap1.example.com/ou=people,dc=example,dc=com?krb5PrincipalName?sub STARTTLS
                AuthLDAPBindDN cn=authentication,dc=example,dc=com
                AuthLDAPBindPassword Secret
                AuthzLDAPAuthoritative Off
        </Location>

This configuration doesn't work because the kerberos configuration is overridden by the LDAP directives, although I have read somewhere that the KrbDelegateBasic directive should be a work around for something not natively supported by Apache.

Any help very much appreciated. . .
Thanks
Cosimo
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux