[rt-users] Comprehension Question about LDAP and SSO
Michael Brown
mbrown at fensystems.co.uk
Thu Mar 3 06:09:28 EST 2011
On Thursday 03 Mar 2011 08:07:22 john s. wrote:
> I have on more Question in Relation to Authentification with Kerberos
>
> I would like to use an windows 2008 server with AD, and an Web Application
> ( RT) on a linux sever with Apache and Kerberos Module system.
>
> And the Kerberos Stuff is handeld by the Win2008 AD...
>
> So .. so far so good. But it is possible to make an Authentification with
> the AD Login Names from the Whole Network, not only the Kerberos Login
> Account?
>
> For Example if i go through an log file i would like to see that a certain
> user from the network has logged in on the apache server and not only the
> kerberos account should be appeard in the log file.
>
> is this possible??
Not sure what you're asking. The Kerberos user account *is* the Active
Directory user account. If you log in to the AD domain "ad.example.com" as
user "johns", then when you connect to a properly-configured Apache server it
will authenticate you as the Kerberos principal "johns at AD.EXAMPLE.COM".
This string "johns at AD.EXAMPLE.COM" is what will show up as the "remote user"
in Apache logs (assuming that your LogFormat includes a "%u").
Michael
More information about the rt-users
mailing list