>> I use mod_authnz_ldap today with simple ldap bind. >> Our security team wants me to use to use Kerberos instead to make it more secure. >> This will allow them to specify from where the service account can login and will also protect the credentials from eavesdropping. >> Is it possible to make mod_authnz_ldap to use a keytab instead? >> Or do anyone have a suggestion how to solve this in a even better way? > mod_auth_kerb: http://modauthkerb.sourceforge.net/ > Complex but does work, even with Active Directory. I am using mod_auth_kerb today to do the accual authentication. I only use mod_authnz_ldap to do the authorization based on AD security groups. What I need is better security for the ldap bind mod_authnz_ldap -> AD. Do you mean that I should be able to use the kinit done by mod_auth_kerb? Best regards, Emil Assarsson
|