-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A bare-minimum document is up at http://oslabs.mikro-net.com/krb_apache.html It assumes samba-ads install along with all that entails. Hope it helps.
Michael Andrew Bartlett wrote: > On Sat, 2005-06-04 at 09:46 -0700, Michael Brown wrote: > >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>Thanks Samba Team! >>I was able to utilize AD kerberos authentication to apache using >>mod_auth_kerb and samba. The 'net ads keytab create' enabled me to >>create a machine keytab for the webserver. The 'net ads keytab add' >>feature enabled me to add an 'HTTP' service principal to this keytab, >>which shows up in the AD machine object's attributes. I did not have to >>create a user in AD and map the attributes (as in this doc: >>http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp), >>so for all intents and purposes this is a seamless operation. >>AD single sign on using GSSAPI is working for windows firefox and >>internet exploiter clients beautifully! >> I will be writing up a doc on this soon (this weekend) at >>oslabs.mikro-net.com. > > > Make sure to bring all documentation to the attention of jht (cc'd). It > is very good to see this working. > > Should you find yourself needing the NTLM side of things, look at: > > http://samba.org/ftp/unpacked/lorikeet/mod_ntlm_winbind/ > > Andrew Bartlett > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCo03+KgGND9z3oKwRAl63AKCLKHJI0cTDkFchmEbHyqYfKB2ucQCgjfxb 8Ss/C6yB1pyHilk5fDPXEm0= =qMEG -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba