Web-server – Apache Kerberos Authentication with LDAP Authorization: access to / failed, reason: require directives present and no Authoritative handler

Tags: apache-2.2, kerberos, ldap, pam, web-server

I am trying to get a VirtualHost (well, multiple VirtualHosts) up and running with Kerberos authentication and group requirements.

My latest configuration within the <Directory> directive looks like this:

    AllowOverride None
    Order allow,deny
    allow from all

    AuthType Kerberos
    AuthName "Kerberos Realm Login"
    KrbAuthRealm LAN
    Krb5KeyTab /etc/apache2/auth/apache2.keytab

    KrbMethodK5Passwd On

    KrbSaveCredentials On
    KrbLocalUserMapping On
    AuthzLDAPAuthoritative On

    Require ldap-group devel

Testing this, after entering correct credentials, I get the following error:

    access to / failed, reason: require directives present and no Authoritative handler.

When entering wrong Kerberos credentials, it will deny access altogether. So authentication works, but it seems to not be able to check for the group requirement.

The server also has PAM configured to work with the same Kerberos realm and LDAP database.

I have found that "Require valid-user" gives the same error, but "Require user username" does not.

How can I properly configure this to keep authenticating against Kerberos and authorize it against LDAP?

I am using Apache 2.2.20 on Ubuntu 11.10 x64.

Best Answer

The documentation for mod_authnz_ldap suggests that AuthzLDAPAuthoritative is for authentication:

Description: Prevent other authentication modules from authenticating the user if this one fails

You should try toggling this off to see if that will allow the Kerberos authentication to succeed (yet still require the group membership).
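
Added example (not from the question or the answer): the question's block with the answer's toggle applied, plus the LDAP lookup settings mod_authnz_ldap needs before it can evaluate `Require ldap-group`. The directory path, LDAP host, base DN and group DN are placeholders, and an anonymous LDAP bind is assumed.

```apache
# Apache 2.2 with mod_auth_kerb and mod_authnz_ldap loaded.
# /var/www/example, ldap.example.lan and all DNs below are placeholders.
<Directory "/var/www/example">
    AllowOverride None
    Order allow,deny
    Allow from all

    # Authentication: Kerberos, unchanged from the question.
    AuthType Kerberos
    AuthName "Kerberos Realm Login"
    KrbAuthRealm LAN
    Krb5KeyTab /etc/apache2/auth/apache2.keytab
    KrbMethodK5Passwd On
    KrbSaveCredentials On
    # Maps the Kerberos principal to a local user name (realm dropped),
    # so the name handed to the LDAP search is the bare login name.
    KrbLocalUserMapping On

    # Authorization: tell mod_authnz_ldap which directory to search and
    # which attribute holds the login name. Without an AuthLDAPURL the
    # module has nothing to query for the group check.
    AuthLDAPURL "ldap://ldap.example.lan/ou=people,dc=example,dc=lan?uid"
    # If the directory refuses anonymous searches, also set
    # AuthLDAPBindDN and AuthLDAPBindPassword.

    # The answer's suggestion: let other modules have a say if the
    # LDAP check does not grant access.
    AuthzLDAPAuthoritative Off

    # Require ldap-group takes the group's full DN, not a short name.
    Require ldap-group cn=devel,ou=groups,dc=example,dc=lan

    # The default membership check compares the user's DN against the
    # group's member/uniqueMember values. For posixGroup entries that
    # list login names in memberUid, uncomment:
    # AuthLDAPGroupAttribute memberUid
    # AuthLDAPGroupAttributeIsDN off
</Directory>
```

Run `apache2ctl configtest` after editing, and raise `LogLevel` to `debug` temporarily to see which authorization module accepts or declines the request.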