On Tue, 2004-02-24 at 04:00, Lukas Kubin wrote: > Thank you for answer. > The reason why I found this thread was to find which (additional) > products I need to to create a web page accessible through webserver > (Apache) when a user (client on Windows or Linux) has a valid MIT K5 > ticket in their cache. > > - is there any existing browser (for both Windows and Linux) suitable fo > r this?
Internet Explorer has support today or Mozilla with the additional "negotiateauth" extension (planned to be in the upcoming 1.7 release). > - how does it work? does the webserver receive user's TGT or what? The browser and web server exchange GSSAPI tokens encoded in the HTTP header. The GSSAPI tokens are created from the HTTP service ticket that the browser gets from the KDC using the TGT. TGTs are never used directly for authentication, they are only used to get the service tickets. -Wyllys ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos