I'v been able to set up Kerberos authentication to W2K AD but want to
use local groups, or a list of users, as well. That is, I want users
to enter their Windows user name and password and then get access only
if they are listed in a local file on the apache server. Has anyone
been able to do this?
Setup:
Solaris 8
Apache 2.0.59
krb-1.5.1
mod_auth_kerb 5.0
The
httpd.conf entries below aren't my exact entries, but you get the
idea. I want any user listed in groupfile to be able to access the
site. I've tried to use both user and group files. Users work if
specified with realm name in the httpd.conf, i.e., require user [EMAIL PROTECTED]. The error I get in the Apache logs (set to debug) is:
configuration error: couldn't check access. No groups file?: /directory/test.html
httpd.conf entries:
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate off
KrbMethodK5Passwd on
KrbServiceName HTTP
Krb5KeyTab /etc/krb5/krb5.keytab
KrbAuthRealms COMPANY.COM
KrbAuthoritative on
KrbVerifyKDC off
KrbSaveCredentials off
#AuthUserFile groupfile
AuthGroupFile groupfile
Require group mygroup
Any help is appreciated.
