I'v been able to set up Kerberos authentication to W2K AD but want to use local groups, or a list of users, as well.  That is, I want users to enter their Windows user name and password and then get access only if they are listed in a local file on the apache server.  Has anyone been able to do this?

Setup:

Solaris 8
Apache 2.0.59
krb-1.5.1
mod_auth_kerb 5.0

The httpd.conf entries below aren't my exact entries, but you get the idea.  I want any user listed in groupfile to be able to access the site.  I've tried to use both user and group files.  Users work if specified with realm name in the httpd.conf, i.e., require user [EMAIL PROTECTED].  The error I get in the Apache logs (set to debug) is:

configuration error:  couldn't check access.  No groups file?: /directory/test.html

httpd.conf entries:

    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbMethodNegotiate off
    KrbMethodK5Passwd on
    KrbServiceName HTTP
    Krb5KeyTab /etc/krb5/krb5.keytab
    KrbAuthRealms COMPANY.COM
    KrbAuthoritative on
    KrbVerifyKDC off
    KrbSaveCredentials off
    #AuthUserFile groupfile
    AuthGroupFile groupfile
    Require group mygroup

Any help is appreciated.

Reply via email to