directory-dev mailing list archives

From "Marc Boorshtein" <mboorsht...@gmail.com>
Subject Re: OT kerberos, iwa and proxys
Date Fri, 01 Jun 2007 23:37:34 GMT
Nope.  I know that the process of browser-->IIS works, I wanted to put
a proxy in between. Browser<-->HTTP proxy<-->IIS

I know all of the SPNEGO stuff is done in headers so I think it's OK
but I know this list has a lot of Kerberos knowledge so I wanted to get
some input on if the proxy would interfere with the authentication
process.

Thanks
Marc

On 6/1/07, Alex Karasulu <akarasulu@apache.org> wrote:
> SPNEGO does this.
>
> Alex
>
> On 6/1/07, Marc Boorshtein <mboorshtein@gmail.com> wrote:
> >
> > Thanks
> >
> > What I'm actually doing is trying to proxy the ticket as part of an
> > HTTP request/response but I thought I had heard that Kerberos tickets
> > could not be proxied unchanged.  It sounds like that's not the case.
> > I'll read those links.
> >
> > Thanks!
> > Marc
> >
> > On 6/1/07, Emmanuel Lecharny <elecharny@apache.org> wrote:
> > > Marc Boorshtein wrote:
> > >
> > > > All,
> > >
> > > Hi Marc,
> > >
> > > >
> > > > I've got a Kerberos question when combined with integrated Windows
> > > > authentication.  Can the process of authenticating the user to an IIS
> > > > server be proxied successfully?
> > >
> > > so far, I think you just need to enable SPNEGO on your browser to do so
> > > (http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/tsec_SPNEGO_config_web.html)
> > >
> > > Of course, this will be helpful if you are just using a browser...
> > > Otherwise, your application will have to implement SPNEGO. FYI, we have
> > > written a Java codec for this protocol, but it has been sandboxed...
> > > Just tell us if you want it to be resuscitated.
> > >
> > >
> > > Emmanuel.
> > >
> > > >
> > > > Thanks for any input.
> > > >
> > > > Marc
> > > >
> > > >
> > > > On 6/1/07, Alex Karasulu <akarasulu@apache.org> wrote:
> > > >
> > > >> On 6/1/07, Emmanuel Lecharny <elecharny@gmail.com> wrote:
> > > >>
> > > >> SNIP
> > > >>
> > > >> BasicAttributes to a more ldap compliant BasicAttributesImpl...)
> > > >>
> > > >>
> > > >> What about renaming BasicAttributesImpl to just LdapAttributes? Of
> > > >> course not in the 1.0 branch which would break backwards compatibility of
> > > >> partitions but in the 1.5 branch?  Guess really it's the 0.9.6 branch of
> > > >> shared for 1.5 of ApacheDS.
> > > >>
> > > >> Anyway this would be clearer no?
> > > >>
> > > >> Alex
> > > >>
> > > >
> > >
> > >
> >
>
