使用kerberos、文件和ldap的Apache身份验证_Apache_File_Authentication_Ldap_Kerberos

使用kerberos、文件和ldap的Apache身份验证

apache file authentication ldap

使用kerberos、文件和ldap的Apache身份验证,apache,file,authentication,ldap,kerberos,Apache,File,Authentication,Ldap,Kerberos,我尝试将apache配置为在第一个kerberos、第二个文件和最后一个ldap中使用身份验证，但它不起作用带有ldap回退功能的Kerberos运行良好。只有使用ldap的文件身份验证也可以工作。但是使用ldap和文件回退的Kerberos不起作用 Kerberos/Ldap: <Location "/"> Require ldap-group <MY-DLAP-GROUP> Order allow,deny Allow from all AuthType Kerbe

我尝试将apache配置为在第一个kerberos、第二个文件和最后一个ldap中使用身份验证，但它不起作用

带有ldap回退功能的Kerberos运行良好。只有使用ldap的文件身份验证也可以工作。但是使用ldap和文件回退的Kerberos不起作用

Kerberos/Ldap:

<Location "/">
Require ldap-group <MY-DLAP-GROUP>
Order allow,deny
Allow from all
AuthType Kerberos
AuthName "test"
AuthzLDAPAuthoritative on
AuthLDAPDereferenceAliases never
AuthLDAPURL "ldaps://<MY-LDAPS-URL>?userPrincipalName?sub?(objectCategory=Person)"
AuthLDAPBindDN "<MY-LDAP-USER>"
AuthLDAPBindPassword <MY-LDAP-USER-PASSWORD>
</Location>
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbAuthoritative on
KrbAuthRealms <MY-REALM>
Krb5Keytab <MY-KERBEROS-KEYTAB>
KrbVerifyKDC on
KrbServiceName <MY-KERBEROS-SERVICE-NAME>
KrbSaveCredentials off

<Location "/">
Require ldap-group <MY-DLAP-GROUP>
Order allow,deny
Allow from all
AuthType Basic
AuthName "test"
AuthBasicProvider file ldap
AuthUserFile /etc/httpd/.htpasswd
AuthzLDAPAuthoritative on
AuthLDAPDereferenceAliases never
AuthLDAPURL "ldaps://<MY-LDAPS-URL>?userPrincipalName?sub?(objectCategory=Person)"
AuthLDAPBindDN "<MY-LDAP-USER>"
AuthLDAPBindPassword <MY-LDAP-USER-PASSWORD>
</Location>
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbAuthoritative on
KrbAuthRealms <MY-REALM>
Krb5Keytab <MY-KERBEROS-KEYTAB>
KrbVerifyKDC on
KrbServiceName <MY-KERBEROS-SERVICE-NAME>
KrbSaveCredentials off


需要ldap组
命令允许，拒绝
通融
身份验证类型Kerberos
AuthName“测试”
奥兹尔达蓬
authldapdereferenceAlias从不
AuthLDAPURL“ldaps://？userPrincipalName？sub？（objectCategory=Person）
AuthLDAPBindDN“”
AuthLDAPBindPassword
KrbMethodNegotiate on
KrbMethodK5Passwd打开
Krbautoritative on
克尔鲍斯王国
Krb5Keytab
KrbVerifyKDC on
KrbServiceName
KrbSaveCredentials关闭

文件/Ldap:

<Location "/">
Require ldap-group <MY-DLAP-GROUP>
Order allow,deny
Allow from all
AuthType Kerberos
AuthName "test"
AuthzLDAPAuthoritative on
AuthLDAPDereferenceAliases never
AuthLDAPURL "ldaps://<MY-LDAPS-URL>?userPrincipalName?sub?(objectCategory=Person)"
AuthLDAPBindDN "<MY-LDAP-USER>"
AuthLDAPBindPassword <MY-LDAP-USER-PASSWORD>
</Location>
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbAuthoritative on
KrbAuthRealms <MY-REALM>
Krb5Keytab <MY-KERBEROS-KEYTAB>
KrbVerifyKDC on
KrbServiceName <MY-KERBEROS-SERVICE-NAME>
KrbSaveCredentials off

<Location "/">
Require ldap-group <MY-DLAP-GROUP>
Order allow,deny
Allow from all
AuthType Basic
AuthName "test"
AuthBasicProvider file ldap
AuthUserFile /etc/httpd/.htpasswd
AuthzLDAPAuthoritative on
AuthLDAPDereferenceAliases never
AuthLDAPURL "ldaps://<MY-LDAPS-URL>?userPrincipalName?sub?(objectCategory=Person)"
AuthLDAPBindDN "<MY-LDAP-USER>"
AuthLDAPBindPassword <MY-LDAP-USER-PASSWORD>
</Location>
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbAuthoritative on
KrbAuthRealms <MY-REALM>
Krb5Keytab <MY-KERBEROS-KEYTAB>
KrbVerifyKDC on
KrbServiceName <MY-KERBEROS-SERVICE-NAME>
KrbSaveCredentials off


需要ldap组
命令允许，拒绝
通融
AuthType Basic
AuthName“测试”
AuthBasicProvider文件ldap
AuthUserFile/etc/httpd/.htpasswd
奥兹尔达蓬
authldapdereferenceAlias从不
AuthLDAPURL“ldaps://？userPrincipalName？sub？（objectCategory=Person）
AuthLDAPBindDN“”
AuthLDAPBindPassword
KrbMethodNegotiate on
KrbMethodK5Passwd打开
Krbautoritative on
克尔鲍斯王国
Krb5Keytab
KrbVerifyKDC on
KrbServiceName
KrbSaveCredentials关闭

有什么想法吗？

您使用的是什么Apache版本？