Re: Authenticating to LDAP using a HTTP ticket

2009-03-10 Thread Michael Ströder
Richard E. Silverman wrote: >> "MKJ" == Mikkel Kruse Johnsen writes: > MKJ> I also had a problem getting this to work and it turned out to be > MKJ> a problem with "mod_auth_kerb" I had to recompile it, using its > MKJ> internal GSSAPI support and not MIT Kerberos under RHEL5 Don'

Re: Authenticating to LDAP using a HTTP ticket

2009-03-10 Thread Loren M. Lang
On Sun, 2009-03-08 at 13:00 -0700, Russ Allbery wrote: > Mikkel Kruse Johnsen writes: > > > Firefox: Type "about:config" in the Location bar. Type "nego" in the > > filter and double click "network.negotiate-auth.delegation-uris" and > > "network.negotiate-auth.trusted-uris" and type in your dom

Re: Authenticating to LDAP using a HTTP ticket

2009-03-09 Thread Luke Howard
On 10/03/2009, at 12:10 PM, Russ Allbery wrote: > "Loren M. Lang" writes: > >> Isn't a feature of Kerberos to be able to limit the powers that one >> delegates using proxiable tickets? If I understand correctly, it >> should >> be possible to delegate for the server to impersonate you only to

Re: Authenticating to LDAP using a HTTP ticket

2009-03-09 Thread Russ Allbery
"Loren M. Lang" writes: > Isn't a feature of Kerberos to be able to limit the powers that one > delegates using proxiable tickets? If I understand correctly, it should > be possible to delegate for the server to impersonate you only to the > LDAP service on host ldap.example.com instead of forwa

Re: Authenticating to LDAP using a HTTP ticket

2009-03-09 Thread Douglas E. Engert
Mikkel Kruse Johnsen wrote: >> Hello, >> >> I have a few more questions >> [...] > > To get the browsers to forward tickets you need to: > > Firefox: Type "about:config" in the Location bar. Type "nego" in the > filter and double click "network.negotiate-auth.delegation-uris" and > "network.ne

Re: Authenticating to LDAP using a HTTP ticket

2009-03-08 Thread Michael Ströder
Henrik Hodne wrote: > On Sat, Mar 7, 2009 at 10:45 AM, Mikkel Kruse Johnsen wrote: > >> Yes, that is possible. >> >> You need to set your LDAP to authenticate using SASL like this: >> >> # SASL >> sasl-host kerberos.cbs.dk >> sasl-realm CBS.DK >> sasl-secprops noplain,noanonymous,mins

Re: Authenticating to LDAP using a HTTP ticket

2009-03-08 Thread Richard E. Silverman
> "MKJ" == Mikkel Kruse Johnsen writes: >> Hello, >> >> I have a few more questions >> >> >> On Sat, Mar 7, 2009 at 10:45 AM, Mikkel Kruse Johnsen >> wrote: >> >> Hi Henrik >> >> Yes, that is possible. >> >> You need to set your LDAP

Re: Authenticating to LDAP using a HTTP ticket

2009-03-08 Thread Russ Allbery
Mikkel Kruse Johnsen writes: > Firefox: Type "about:config" in the Location bar. Type "nego" in the > filter and double click "network.negotiate-auth.delegation-uris" and > "network.negotiate-auth.trusted-uris" and type in your domain name (in > my example I have "cbs.dk" in both) Be aware that

Re: Authenticating to LDAP using a HTTP ticket

2009-03-08 Thread Mikkel Kruse Johnsen
> Hello, > > I have a few more questions > > > On Sat, Mar 7, 2009 at 10:45 AM, Mikkel Kruse Johnsen > wrote: > > Hi Henrik > > Yes, that is possible. > > You need to set your LDAP to authenticate using SASL like > this: > > #

Re: Authenticating to LDAP using a HTTP ticket

2009-03-07 Thread Henrik Hodne
Hello, I have a few more questions On Sat, Mar 7, 2009 at 10:45 AM, Mikkel Kruse Johnsen wrote: > Hi Henrik > > Yes, that is possible. > > You need to set your LDAP to authenticate using SASL like this: > > # SASL > sasl-host kerberos.cbs.dk > sasl-realm CBS.DK > sasl-secprops nopl

Re: Authenticating to LDAP using a HTTP ticket

2009-03-07 Thread Mikkel Kruse Johnsen
Hi Henrik Yes, that is possible. You need to set your LDAP to authenticate using SASL like this: # SASL sasl-host kerberos.cbs.dk sasl-realm CBS.DK sasl-secprops noplain,noanonymous,minssf=112 sasl-regexp uid=(.*),cn=CBS.DK,cn=GSSAPI,cn=auth uid=$1,ou=People,dc=c

Authenticating to LDAP using a HTTP ticket

2009-03-07 Thread Henrik Hodne
Hello, I am in the process of creating a web panel to change LDAP attributes. The web panel is currently using mod_auth_kerb to authenticate, which is working beautifully. What we need is to authenticate to the LDAP server with that ticket. Is that even possible? -Henrik