[rt-users] Comprehension Question about LDAP and SSO

john s. fireskyer at gmx.de
Thu Mar 3 07:04:07 EST 2011


And if I use another name like martin from the database, the Kerberos
principal also changes to martin@....

So it is possible to know which user from the AD is logged in to or out of
the application which is authenticated with Kerberos.

Is that right?

Best regards, john




mcb30 wrote:
> 
> On Thursday 03 Mar 2011 08:07:22 john s. wrote:
>> I have one more question in relation to authentication with Kerberos.
>> 
>> I would like to use a Windows 2008 server with AD, and a web application
>> (RT) on a Linux server with Apache and Kerberos module system.
>> 
>> And the Kerberos stuff is handled by the Win2008 AD...
>> 
>> So far so good. But is it possible to authenticate with the AD login
>> names from the whole network, not only the Kerberos login account?
>> 
>> For example, if I go through a log file I would like to see that a
>> certain user from the network has logged in on the Apache server, and
>> not only the Kerberos account should appear in the log file.
>> 
>> Is this possible?
> 
> Not sure what you're asking.  The Kerberos user account *is* the Active
> Directory user account.  If you log in to the AD domain "ad.example.com"
> as user "johns", then when you connect to a properly-configured Apache
> server it will authenticate you as the Kerberos principal
> "johns@AD.EXAMPLE.COM".
> 
> This string "johns@AD.EXAMPLE.COM" is what will show up as the "remote
> user" in Apache logs (assuming that your LogFormat includes a "%u").
> 
> Michael
> 
> 

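Added example, not part of the original thread and not code from RT or Apache: a small audit script that reads the "%u" field discussed above from access-log lines and reports which Kerberos principal made each request. It assumes the standard "combined" LogFormat; the log lines, IP addresses, the second realm and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed combined LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
                     r'"[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (not from a real server); realm as in the thread's example.
SAMPLE_LOG = """\
10.0.0.21 - johns@AD.EXAMPLE.COM [03/Mar/2011:13:04:07 +0100] "GET /rt/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.22 - martin@AD.EXAMPLE.COM [03/Mar/2011:13:05:10 +0100] "GET /rt/Ticket/Display.html?id=7 HTTP/1.1" 200 8042 "-" "Mozilla/5.0"
10.0.0.23 - - [03/Mar/2011:13:05:11 +0100] "GET /rt/ HTTP/1.1" 401 401 "-" "Mozilla/5.0"
10.0.0.21 - johns@AD.EXAMPLE.COM [03/Mar/2011:13:06:30 +0100] "POST /rt/Ticket/Update.html HTTP/1.1" 200 912 "-" "Mozilla/5.0"
10.0.0.40 - admin@OTHER.EXAMPLE.ORG [03/Mar/2011:13:07:00 +0100] "GET /rt/Admin/ HTTP/1.1" 200 3000 "-" "curl/7.21"
"""

def split_principal(remote_user):
    """Split 'user@REALM' on the last '@'; realm is None if there is none."""
    user, sep, realm = remote_user.rpartition("@")
    return (user, realm) if sep else (remote_user, None)

def audit(log_text, expected_realm):
    """Summarize requests per principal; collect anonymous and foreign-realm entries."""
    per_user = defaultdict(lambda: {"requests": 0, "hosts": set(), "first": None, "last": None})
    anonymous, foreign = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format
        remote_user = m["user"]
        if remote_user == "-":  # Apache logs "-" for %u when no user was authenticated
            anonymous.append((m["host"], m["status"]))
            continue
        _, realm = split_principal(remote_user)
        if realm != expected_realm:
            foreign.append(remote_user)  # principal from a realm we did not expect
        entry = per_user[remote_user]
        entry["requests"] += 1
        entry["hosts"].add(m["host"])
        entry["first"] = entry["first"] or m["time"]
        entry["last"] = m["time"]
    return dict(per_user), anonymous, foreign

if __name__ == "__main__":
    users, anonymous, foreign = audit(SAMPLE_LOG, "AD.EXAMPLE.COM")
    for principal, info in sorted(users.items()):
        print(principal, info["requests"], sorted(info["hosts"]), info["first"], info["last"])
    print("unauthenticated:", anonymous, "unexpected realm:", foreign)
```
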



