Greetings, Is it at all possible to authenticate users via http/.htaccess using their Windows AD (native mode) domain accounts without a local user account? I have made the following changes and it works fine if there's a local user account. I'm trying to stay away from winbind and don't control our AD forest, so I'm not sure we can get ldap extensions in the AD.
If this is not possible with the means I've mentioned, can anyone suggest any alternatives they've used or seen in use? This would mainly be on RHEL3 & RHEL4 boxes, although I have two sun servers that I need to do something with as well. In the /etc/httpd/conf/httpd.conf file I added: AuthPAM_FallThrough on AuthPAM_Enabled on In the /etc/pam.d/ config files I changed httpd and system-auth to: [EMAIL PROTECTED] pam.d]# cat httpd #%PAM-1.0 auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_krb5.so auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_krb5.so [EMAIL PROTECTED] pam.d]# [EMAIL PROTECTED] pam.d]# cat system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_krb5.so ccache=/tmp/krb5cc_%u auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so password required /lib/security/$ISA/pam_cracklib.so retry=3 type= password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so [EMAIL PROTECTED] pam.d]# Any help would be appreciated! -- Paul @ Thy Service -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
