Hi all,

I am trying to set up mod_auth_kerberos on my server, and it's working
fine in itself, but what I would like to do is make Kerberos
authentication optional; i.e. if a user has a Kerberos ticket, they get
authenticated, get the REMOTE_USERNAME and stuff -- but if the user
doesn't have the Kerberos ticket, they are simply allowed in as a
regular anonymous user, *without* being prompted with any dialog boxes.

My current config is:

    <Location /wiki/Kerberos_login>
        AuthType Kerberos
        AuthName "My Login"
        KrbMethodNegotiate On
        KrbMethodK5Passwd On
        KrbAuthRealms MYREALM.COM
        Krb5KeyTab /etc/httpd/HTTP.keytab
        require valid-user
    </Location>

I tried adding "Satisfy Any", "KrbAuthoritative off", and an Anonymous
configuration block, but the best I could accomplish is either no
authentication for anyone (everyone gets anonymous access), or
authenticated access for everyone (users without Kerberos tickets are
either denied or offered a login dialog).

What I couldn't get is the "do Kerberos authentication if possible,
allow anonymous access otherwise" behavior.

Do you know of any way to make it so that the server will validate and
pass down the Kerberos ticket info if it's found, but permit anonymous
access, WITHOUT a login dialog, otherwise?

Thanks in advance, folks.