I have web server for company internal use. All users in company are in windows domain and almost every one using internet explorer. The goal is to make apache web server to recognize domain user and automaticly put username under submitted comments. By far I found solution to make users authorize using kerberos authentication method. Works fine. Hardest part is that I need to allow unauthorized users also access same area without authentication with some limitations. To achieve this i have created 2 aliases protected and unpretected. Unpreotected is a simbolic link to same content as protected. So if you fail to authorize than you are forwareded to unprotected which one dont ask for authentication. So here is whats have been done so far: /apache/conf/httpd.conf: Alias /protected "/http/test/" Alias /unprotected "/http/test2/" # this is simbolic linkt to /http/test ErrorDocument 401 "/401.php" <Location "/protected" > AuthType Kerberos KrbAuthRealms DOMAIN.COM KrbServiceName HTTP Krb5Keytab /etc/krb5.keytab KrbMethodNegotiate on KrbMethodK5Passwd off require valid-user </Location> 401.php: <?php if(!$_SERVER['REMOTE_USER']) header("Location:/unprotected"); ?> The wierdest part is that whan I go to /http/test/ with authorized domain user it redirects to unprotected location anyway. If i put anything else in 401.php but not header(location) than 401.php is never executed. Why?