Differences between version 10 and predecessor to the previous major change of ActiveDirectoryAuthenticationNotes.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 10 | Last edited on Monday, July 19, 2004 9:05:39 pm | by PerryLorier | Revert |
Older page: | version 8 | Last edited on Sunday, September 7, 2003 9:27:25 pm | by CraigBox | Revert |
@@ -1,5 +1,5 @@
-I needed to authenticate a website for a schoole
against an Active Directory server today. I found the job surprisingly easy.
+I needed to authenticate a website for a school
against an Active Directory server today. I found the job surprisingly easy.
My first attempt was using a pam smb module, and an apache pam module. This worked well, but had a couple of flaws:
* You could only have one /etc/pam.d/ file for apache, so if you wanted different styles of authentication you are out of luck. doh.
* the pam smb module doesn't support groups, so I couldn't have an area just for Teachers only.
@@ -134,5 +134,8 @@
print "Password for $uid changed in AD\n";
exit 0;
----
+
+Another good method for authentication with apache is to use one of the webISO's (web initial sign on) see http://middleware.internet2.edu/webiso/ . In particular the webISO provided by http://www.pubcookie.org is flexible and can be used with IIS aswell. It can either authenticate against LDAP, kerberos, unix password file (/etc/shadow), or pam modules. It give single sign on to web apps.
+
CategoryInteroperability