small issue with lock_author_names

Wolfgang Barth wob at swobspace.de
Wed Dec 26 16:16:01 CET 2007

Previous message: small issue with lock_author_names
Next message: small issue with lock_author_names
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Dec 22, 2007 at 06:48:32PM -0500, Thomas Guyot-Sionnest wrote:

> In our systems we used the attached patch (written by me some time ago)
> to remove domain part and make the username lowercase (Windows AD
> doesn't care about the case while the cgi do, so this avoid us problems).

We have about 20 Active Directory domains with one top level AD domain
(root domain), so I need to distinguish user muellert at ABC from user
muellert at DEF.

> The patch is against mod_auth_kerb-5.3 but since it's pretty simple it
> might as well apply fine on future versions.

I prefer the full qualified name user at REALM.

> We have some problems with that and never took time to investigate. What
> version of the various software did you use? Any particular document you
> followed? You're authenticating against a Windows Server 2003 based AD?

I'm using authentication against an Active Directory based on Windows 
Server 2003 R2.  Some documents I found in the Microsoft technet base 
(especially for creating a working service ticket for apache) 
and the original documentation of mod_auth_kerb. My collegues 
had some trouble with IE 6 and older mod_auth_kerb version 
(first authentication works, but after some time, the 
reauthentication fails and the browser asks the user to enter a
password), I never had such problems with Firefox. With 
mod_auth_kerb 5.3 on apache 2.2 all work's fine.

Applications: mainly web based applications on apache2: nagios, webdav,
some self developed applications. The next SSO project is Typo3 (eu_ldap
for frontend authentication with some small modifications).

The really critical point in all kerberos environments is correct resolving
host names (correctly configured DNS).

May be we can discuss SSO per personal mail, because it is a little of
topic here ;-)

Wolfgang
-- 
<wob (at) swobspace de> * http://www.swobspace.de

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Previous message: small issue with lock_author_names
Next message: small issue with lock_author_names
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Developers mailing list