On 7 Jun 2007, at 15:24, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
mod_auth_kerb works great in the right conditions. You must be using
IE or a newer Firefox. Linux works great (not sure about other Unix
systems). On Windows the two browsers can only acquire credentials
from the LSA
On Fri, 8 Jun 2007 09:00:09 +0100
Simon Wilkinson [EMAIL PROTECTED] wrote:
Ultimately, this means you may need to have a keytab containing
multiple different prinicpals for your service, and have
mod_auth_kerb accept any one of these principals. Unfortunately, the
code isn't there to do
On 8 Jun 2007, at 17:34, Michael B Allen wrote:
On Fri, 8 Jun 2007 09:00:09 +0100
Simon Wilkinson [EMAIL PROTECTED] wrote:
Ultimately, this means you may need to have a keytab containing
multiple different prinicpals for your service, and have
mod_auth_kerb accept any one of these
On Fri, 8 Jun 2007 18:14:38 +0100
Simon Wilkinson [EMAIL PROTECTED] wrote:
Aside: If you're using a single, general purpose, keytab you almost
certainly _don't_ want the GSS_C_NO_CREDENTIAL behaviour - you want
to be sure that your ssh service will only accept 'host/' principals,
for
Simon Wilkinson [EMAIL PROTECTED] writes:
mod_auth_kerb specifies HTTP/gethostname() as its acceptor principal,
unless you override that with a mod_auth_kerb configuration directive,
and even then you can only change it to use a different, single,
principal.
I submitted a patch to fix this
Hello,
I have been requested to build a web app for my medium sized organization
that currently have Kerberos 5 running on the network. The webapp will
require non-technical users to be able to log on remotely through a web
browser (IE only is fine but there must not be any other client programs
Use SPNEGO for kerberos authentication for web apps. And the username
will be set in the REMOTE_HTTP_USER server variable
saqib
http://www.full-disk-encryption.net
On 6/7/07, Steve Webb [EMAIL PROTECTED] wrote:
Hello,
I have been requested to build a web app for my medium sized organization
On 6/7/07, Steve Webb [EMAIL PROTECTED] wrote:
*Q. Can Kerberos be used to authenticate users and a php script then given
access to a users username in order to authorize privilidges??*
From my reading I believe that using the mod_auth_kerb module for Apache in
Negotiation mode may be the
[EMAIL PROTECTED] wrote:
On Windows the two browsers can only acquire credentials
from the LSA which means the workstation needs to be joined to a
domain, I believe.
That isn't true. You can configure FireFox on Windows to use
credentials from Kerberos for Windows ccaches instead of using