On Dec 14, 2007 3:43 AM, Bryan Richardson <[EMAIL PROTECTED]> wrote: > Is this possible? I assume using Kerberos is possible, but is it possible > to specify users allowed rather than allowing all users in the Active > Directory access?
The way to do this is to use the Active Directory for authentication, but to use your own group file for authorization. So you set up whatever authentication mechanism works for you and then add something like the following: AuthGroupFile /my/group Require group developers. Then in your group file you can list all the users (with their AD logins) that you want to have access as members of the group developers. (Or any other group name that makes sense to you). I haven't gotten kerberos authentication working. I have gotten Active Directory authentication working however, using a perl module. Krist -- [EMAIL PROTECTED] [EMAIL PROTECTED] Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
