You should also check out http://sourceforge.net/projects/modgssapache/ and http://sourceforge.net/projects/modauthkerb.
I recently added support for Apache 1.3 to mod_spnego, which is part of http://sourceforge.net/projects/modgssapache/. After these changes are tested on Linux, documented (in mod_spnego/readme.txt) and packaged (which should happen next week), mod_spnego will support Apache 1.3 and 2.0 on Linux, Solaris and Windows.
Frank
From: Wyllys Ingersoll <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: Sanjay <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED] Subject: Re: kerberos for Microsoft IIS/any http server? Date: 25 Nov 2003 16:56:40 -0500
Check out http://negotiateauth.mozdev.org This guy has an extension for mozilla for supporting Microsoft's Negotiate mechanism. However, his version currently only supports Heimdal's Kerberos/GSSAPI. This site also has links to Apache plugins which support the IIS negotiate method.
Also take a look at http://bugzilla.mozilla.org/show_bug.cgi?id=17578
I posted a more generalized patch for Mozilla which *should* be able to compile with Heimdal, MIT, or Solaris Kerberos implementations. It likely will not appear in Mozilla until release 1.7, though. In the meantime, extensions for Mozilla 1.5 (and 1.6) should start appearing sometime in the near future.
You don't mention what browser you are using or what OS platform you are using.
-Wyllys
On Mon, 2003-11-24 at 15:10, Sanjay wrote:
> Hi,
>
> Is there a simple howto on getting a Win2K client, logged on to Active
> Directory (AD) domain, get a file from IIS server (running on AD server)
> with Kerberos authentication ..?
>
> -- IIS server is running on the Active Directory server (win2k domain
> server).
> Win2k Server, SP2
> IIS 5.0
> -- Win2K client is having SP2 & IE 5.5 SP2.
>
> With network tracing, I see IIS sends back WWW-Authenticate headers of
> Negotiate first, and then NTLM, but for some reason, Win2k client picks up
> the NTLM related handshake, not Negotiate.
>
> During Windows logon on this client, I made sure that I use a sample user
> login from the above AD domain, and also made sure that Kerberos was
> exchanged between the client and AD KDC server.
>
> Now, how do I get the Kerberos handshake going over HTTP against IIS that is
> running on the same AD server ?
>
> Anyone got this going against any other HTTP server (Apache?)
>
> tia,
> Sanjay
>
>
> ________________________________________________
> Kerberos mailing list [EMAIL PROTECTED]
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Wyllys Ingersoll <[EMAIL PROTECTED]>
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
_________________________________________________________________
Say �goodbye� to busy signals and slow downloads with a high-speed Internet connection! Prices start at less than $1 a day average. https://broadband.msn.com (Prices may vary by service area.)
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
