Hallo all! In our small corporate we decided some time ago that in our intranet "all" (when possible) services we write should use kerberos to authenticate the users. This way we can have a central location to store all identities and we can propagate the user identity from service to service using forwardable tickets (well... this is what kerberos was designed for :)). As it happens to be, some of our applications need to be accessed from the evil internet, and the users accessing them can't access our KDC to get a TGT, so we use Microsofts ISA server to make the transition from Forms Based authentication to kerberos tickets. Let me explain this part just to be sure we are talking about the same stuff: ISA shows the user a form asking for a username and a password, uses this credentials to get a TGT from the KDC and then uses that ticket to authenticate to the applications in our intranet on behalf of the user. ISA keeps a list of SSO-Cookie-Values and kerberos tokens, so it can talk cookies to the user and kerberos to the backend applications. Now my question: is there something like this for linux? I just need this basic functionality, and I think I may be able to implement this myself in a few weeks, but I think such a critical application is better done as an open source app (more eyes ecc. ecc. ecc.).
Thank you for any pointers. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
