Troy,

I've done something similar, but in reverse.  Users authenticate against the MSUnet via Shibboleth, and the Shibboleth Identify Server returns a validated username.  That username is then compared to a database of approved users for that server's services, and if they are on the list, they get access.  All that's needed is to have the Identity Server Administrators agree to return the parameter you need upon successful Shibboleth authentication (it isn't provided automatically).

J.

On 5/19/2010 2:07 PM, Troy Murray wrote:
[log in to unmask]" type="cite"> Hello,

I'm trying to figure out if it's possible, and if so how, to have a sub-directory on my Apache server which is using local authentication instead authenticate against the MSU kerberos or shibboleth services.  

The end result I'm looking for is when a user goes towww.myserver.edu/secure they'll be prompted for their credentials.  The MSUnet ID will be verified against a local list of users allowed to login, then the username and password are authenticated against the MSU services for a success or fail.

Anyone done anything like this on campus?

-- 
Troy Murray