使用kerberos,file和ldap进行Apache身份验证

时间:2016-12-05 08:12:29

标签: apache file authentication ldap kerberos

我尝试配置apache进行身份验证,以便在第一个kerberos,第二个文件和最后一个ldap使用,但它不起作用。

使用ldap后备的Kerberos工作正常。只有带有ldap的file-auth也可以。但是使用ldap和文件回退的Kerberos不起作用。

的Kerberos / LDAP: 

<Location "/">
Require ldap-group <MY-DLAP-GROUP>
Order allow,deny
Allow from all
AuthType Kerberos
AuthName "test"
AuthzLDAPAuthoritative on
AuthLDAPDereferenceAliases never
AuthLDAPURL "ldaps://<MY-LDAPS-URL>?userPrincipalName?sub?(objectCategory=Person)"
AuthLDAPBindDN "<MY-LDAP-USER>"
AuthLDAPBindPassword <MY-LDAP-USER-PASSWORD>
</Location>
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbAuthoritative on
KrbAuthRealms <MY-REALM>
Krb5Keytab <MY-KERBEROS-KEYTAB>
KrbVerifyKDC on
KrbServiceName <MY-KERBEROS-SERVICE-NAME>
KrbSaveCredentials off

文件/ LDAP: 

<Location "/">
Require ldap-group <MY-DLAP-GROUP>
Order allow,deny
Allow from all
AuthType Basic
AuthName "test"
AuthBasicProvider file ldap
AuthUserFile /etc/httpd/.htpasswd
AuthzLDAPAuthoritative on
AuthLDAPDereferenceAliases never
AuthLDAPURL "ldaps://<MY-LDAPS-URL>?userPrincipalName?sub?(objectCategory=Person)"
AuthLDAPBindDN "<MY-LDAP-USER>"
AuthLDAPBindPassword <MY-LDAP-USER-PASSWORD>
</Location>
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbAuthoritative on
KrbAuthRealms <MY-REALM>
Krb5Keytab <MY-KERBEROS-KEYTAB>
KrbVerifyKDC on
KrbServiceName <MY-KERBEROS-SERVICE-NAME>
KrbSaveCredentials off

任何想法?

0 个答案:

没有答案
相关问题
最新问题