Hello List,We are using 2.2.9 on Debian with mod_ldap and mod_auth_kerb_5.4. Latter supports failback to basic authentication. So far it is working well. Problem arises with functional requrements for authorization. It is required that members of certain ldap group are tied to gssapi authentication whereas members of another group are forced to use basic auth, both must reach same location as a result. Now I would like to know how it is possible to implement failback either with processing failed attempts or with stacking multiple instance of authorization providers because of unique ldap group instances.
Say we have single location /svn, now by ldap group membership we want that groupA members get through using kerberos (gssapi) and groupB members utilize http basic auth. Please share your thoughts (and examples, if there are any). Regards, Aleks F.
Attachment:
signature.asc
Description: Digital signature
|