[modauthkerb] Using mod_auth_kerb with ISA
Brought to you by:
kouril
From: Neil B. <Nei...@fr...> - 2009-12-14 14:20:50
|
Hi, We have successfully got mod_auth_kerb authenticating for internal use. Where we're struggling with is getting it to work when we have staff offsite coming in through our ISA reverse proxy. ISA is sending on usernames to Apache as domain\username not just username and I haven't been able to find any way to stop that on ISA. Using the CVS HEAD of mod_auth_kerb and Apache with LogLevel set to debug this can be seen; [Mon Dec 14 13:36:52 2009] [debug] src/mod_auth_kerb.c(704): [client 193.195.75.66] Trying to get TGT for user <DOMAIN>\\<USERNAME>@<REALM>, referer: https://url/CookieAuth.dll?GetLogon?curl=Z2F&reason=4&formdir=3 Apache configured as per the discussion thread "htpasswd fallback when mod_auth_kerb fails" from March (http://tinyurl.com/yelybp9) combined with a faked up password file with domain\username entries does work transparently through ISA but we then lose negotiate and everyone working internally gets popups. Does anyone have any recommendations for a way to resolve this? Thanks, Neil. |