Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, Feb 17, 2009 at 2:59 PM, Kanwar Ranbir Sandhu
<m3freak@xxxxxxxxxxxxxxxxxx> wrote:
> On Tue, 2009-02-17 at 10:27 -0700, Joseph L. Casale wrote:
>> I haven't tried this one, but make note it lacks NTLMv2 and group support
>> which made it non usable in my environment. Like Filipe suggested
>> mod_auth_ntlm_winbind addresses this but it appears it's not actively
>> maintained and I got stuck configuring it and gave up...
>
> I believe you can use kerberos auth and group lookups.  For the group
> support, you need to do direct LDAP lookups.  Just run a google search
> for 'kerberos apache group', or something along those lines, to find
> some links discussing what I've mentioned here.

If you have a lot of hosts that need access to winbind mapped
UIDs/GIDs instead of setting up winbind everywhere and having a
administrative headache if the RID mapping gets messed up on one host,
setup a winbind to NIS server that puts the mappings into NIS maps and
propagate the information that way. Only real difference on the other
hosts is to switch 'winbind' to 'nis' in nsswitch.conf.

-Ross
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux