Michael Ströder <[EMAIL PROTECTED]> writes:
> Russ Allbery wrote:
>> (If you use Firefox, you don't have to actually be a member of the
>> domain; you can use a different mechanism for getting Kerberos tickets,
>> such as NIM.)
> What is NIM?
Network Identity Manager, although properly speaking
"Michael B Allen" <[EMAIL PROTECTED]> writes:
> If you read the whole thread you'd know I'm only talking about the
> *IntrAnet* scenario. With SPNEGO you do not type in a passwords at all
> whereas with WebAuth you might need to.
You're making a bogus comparison. If you don't have to type in pas
"Michael B Allen" <[EMAIL PROTECTED]> writes:
> On Thu, Jul 17, 2008 at 6:46 PM, Russ Allbery <[EMAIL PROTECTED]> wrote:
>> If by "better" you mean "pretty much the same," yes, modulo the
>> configuration note that I mentioned.
> No, I definitely meant "better".
> With direct SPNEGO we 401 the i
On Thu, Jul 17, 2008 at 9:52 PM, Christopher D. Clausen
<[EMAIL PROTECTED]> wrote:
>> With Plexcel we can do SPNEGO, check group membership (we extract the
>> group SIDs from the PAC), app-level access to basic user info and a
>> get TGT without talking to a third party at all. The time between the
Michael B Allen <[EMAIL PROTECTED]> wrote:
> On Thu, Jul 17, 2008 at 6:46 PM, Russ Allbery <[EMAIL PROTECTED]>
> wrote:
>>> And that is the scenario where direct SPNEGO / NTLMSSP solutions are
>>> going to perform better.
>>
>> If by "better" you mean "pretty much the same," yes, modulo the
>> conf
On Thu, Jul 17, 2008 at 6:46 PM, Russ Allbery <[EMAIL PROTECTED]> wrote:
>> And that is the scenario where direct SPNEGO / NTLMSSP solutions are
>> going to perform better.
>
> If by "better" you mean "pretty much the same," yes, modulo the
> configuration note that I mentioned.
No, I definitely m
Russ Allbery wrote:
> (If you use
> Firefox, you don't have to actually be a member of the domain; you can use
> a different mechanism for getting Kerberos tickets, such as NIM.)
What is NIM?
Ciao, Michael.
Kerberos mailing list Kerberos@
"Michael B Allen" <[EMAIL PROTECTED]> writes:
> On Thu, Jul 17, 2008 at 5:01 PM, Russ Allbery <[EMAIL PROTECTED]> wrote:
>> Well, no, they're double sign-on because the central server usually has
>> to prompt you for a password. But if the central server implements
>> Negotiate-Auth and the brows
On Thu, Jul 17, 2008 at 5:01 PM, Russ Allbery <[EMAIL PROTECTED]> wrote:
> "Michael B Allen" <[EMAIL PROTECTED]> writes:
>> and, more important, they do not give you true single-sign-on
>> behavior. They're more like "double sign on" because you have to login
>> to a central server and they get red
"Michael B Allen" <[EMAIL PROTECTED]> writes:
> For example, you mentioned WebAuth and CoSign. Both of these solutions
> are really targeted for highly heterogeneous environments like
> University networks where the only client requirement is that the
> browser support cookies. So it works on the
"Sharad Desai" <[EMAIL PROTECTED]> writes:
> Thanks Russ.
>
>> Given your platform constraints and desire to avoid Active Directory, I
>> think Cosign is definitely your best option. However, I believe that
>> you will need a UNIX server to run the Cosign login daemon, even though
>> you can use I
Sharad Desai wrote:
>> You may want to search for SPNEGO and mod_auth_kerb. Windows IE and IIS
>> have SPNEGO built in, and can use the Kerberos in Active Directory.
>> Apache can use mod_auth_kerb that supports SPNEGO. With FireFox 2 on any
>> platform
>> see the about:config and the network.negot
Oops, let me clarify that last post. After reading it, it sounds as if I am
telling you to look for those resources, which is totally the opposite, I
apologize :).
I meant to ask if it was even theoretically possible to adapt the cron jobs
to run off of IIS instead of a Unix server.
On 7/17/08,
Thanks Russ.
>Given your platform constraints and desire to avoid Active Directory, I
>think Cosign is definitely your best option. However, I believe that you
>will need a UNIX server to run the Cosign login daemon, even though you
>can use IIS for specific web applications. I could be wrong, s
Thanks Mike for your response.
>For example, you mentioned WebAuth and CoSign. Both of these solutions
>are really targeted for highly heterogeneous environments like
>University networks where the only client requirement is that the
>browser support cookies. So it works on the IntrAnet, the IntEr
On Thu, Jul 17, 2008 at 11:01 AM, Sharad Desai <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Thanks for your responses.
>
>> You may want to search for SPNEGO and mod_auth_kerb. Windows IE and IIS
>> have SPNEGO built in, and can use the Kerberos in Active Directory.
>> Apache can use mod_auth_kerb that
"Sharad Desai" <[EMAIL PROTECTED]> writes:
> Also, (I'm not sure how familiar people are with Cosign) since Cosign
> transforms Kerberos authentication to a cookie-based authentication
> which the browsers can use, I was wondering if you have had any
> experience with this.
Given your platform co
Hello,
Thanks for your responses.
> You may want to search for SPNEGO and mod_auth_kerb. Windows IE and IIS
> have SPNEGO built in, and can use the Kerberos in Active Directory.
> Apache can use mod_auth_kerb that supports SPNEGO. With FireFox 2 on any
platform
> see the about:config and the netw
>> I wanted to use Kerberos to authenticate the user. After research, I
>> thought this would make sense. I saw some suggestions using CoSign or
>> WebAuth. I can't use WebAuth because it is only for Linux, and CoSign is
>> written for Apache (but there are ISAPI filters i guess for IIS) and I a
Sharad Desai wrote:
> Hi All,
>
> I was actually interested in implementing a web SSO solution for my
> environment. I have five applications -- all web applications, so a web SSO
> is needed -- and three run off of Windows, while the other two are Unix and
> Linux. Since they are web apps, it
Hi All,
I was actually interested in implementing a web SSO solution for my
environment. I have five applications -- all web applications, so a web SSO
is needed -- and three run off of Windows, while the other two are Unix and
Linux. Since they are web apps, it won't matter from where they are
21 matches
Mail list logo