httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Victor Danilchenko <>
Subject [users@httpd] Help with authentication config -- need *optional* non-dialog configuration
Date Mon, 14 Jan 2013 18:37:35 GMT
	Hi all,

	I am trying to set up mod_auth_kerberos on my server, and it's working 
fine in itself, but what I would like to do is make kerberos 
authentication optional; i.e. if a user has a kerberos ticket, they get 
authenticated, get the REMOTE_USERNAME and stuff -- but if the user 
doesn't have the kerberos ticket, they are simply allowed in as a 
regular anonymous user, *without* being prompted with any dialog boxes.

	My current config is:

<Location /wiki/Kerberos_login>
   AuthType Kerberos
   AuthName "My Login"
   KrbMethodNegotiate On
   KrbMethodK5Passwd On
   KrbAuthRealms MYREALM.COM
   Krb5KeyTab /etc/httpd/HTTP.keytab
   require valid-user

	I tried adding "Satisfy Any", "KrbAuthoritative off", and an Anonymous 
configuration block, but the best I could accomplish is either no 
authentication for anyone (everyone gets anonymous access), or 
authenticated access for everyone (users without Kerberos tickets are 
either denied or offered a login dialog).

	What I couldn't get is the "do kerberos authentication if possible, 
allow anonymous access otherwise" behavior.

	Do you know of any way to make it so that the server will validate and 
pass down the kerberos ticket info if it's found, but permit anonymous 
access, WITHOUT a login dialog, otherwise?

	Thanks in advance folks.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message