Hi all,I am trying to set up mod_auth_kerberos on my server, and it's working fine in itself, but what I would like to do is make kerberos authentication optional; i.e. if a user has a kerberos ticket, they get authenticated, get the REMOTE_USERNAME and stuff -- but if the user doesn't have the kerberos ticket, they are simply allowed in as a regular anonymous user, *without* being prompted with any dialog boxes.
My current config is: <Location /wiki/Kerberos_login> AuthType Kerberos AuthName "My Login" KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms MYREALM.COM Krb5KeyTab /etc/httpd/HTTP.keytab require valid-user </Location>I tried adding "Satisfy Any", "KrbAuthoritative off", and an Anonymous configuration block, but the best I could accomplish is either no authentication for anyone (everyone gets anonymous access), or authenticated access for everyone (users without Kerberos tickets are either denied or offered a login dialog).
What I couldn't get is the "do kerberos authentication if possible, allow anonymous access otherwise" behavior.
Do you know of any way to make it so that the server will validate and pass down the kerberos ticket info if it's found, but permit anonymous access, WITHOUT a login dialog, otherwise?
Thanks in advance folks. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|