directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Boorshtein" <mboorsht...@gmail.com>
Subject Re: OT kerberos, iwa and proxys
Date Sat, 02 Jun 2007 00:05:43 GMT
I need to detect a failed login and am investigating possabilities.
If the login fails I need to present the user a form.

Thx
Marc

On 6/1/07, Alex Karasulu <akarasulu@apache.org> wrote:
> What use case is this for or rather what is your aim with a KRB5 proxy?
>
> Alex
>
> On 6/1/07, Marc Boorshtein <mboorshtein@gmail.com> wrote:
> >
> > Nope.  I know that the process of browser-->iis works, I wanted to put
> > a proxy in between. Browser<-->http proxy<-->iis
> >
> > I know all of the spengo stuff is done in headers so I think its ok
> > but I know this list has a lot of kereros knowledge so I wanted to get
> > some input on if the proxy would interfere with the authentication
> > process.
> >
> > Thanks
> > Marc
> >
> > On 6/1/07, Alex Karasulu <akarasulu@apache.org> wrote:
> > > SPNEGO does this.
> > >
> > > Alex
> > >
> > > On 6/1/07, Marc Boorshtein <mboorshtein@gmail.com> wrote:
> > > >
> > > > Thanks
> > > >
> > > > What I'm actually doing is trying to proxy the ticket as part of an
> > > > http request/response but I thought I had heard that kerberos tickets
> > > > could not be proxied unchanged.  It sounds like that's not the case.
> > > > Ill read those links.
> > > >
> > > > Thanks!
> > > > Marc
> > > >
> > > > On 6/1/07, Emmanuel Lecharny <elecharny@apache.org> wrote:
> > > > > Marc Boorshtein a écrit :
> > > > >
> > > > > > All,
> > > > >
> > > > > Hi Marc,
> > > > >
> > > > > >
> > > > > > I've got an kerberos question when cobined with integrated windows
> > > > > > authentication.  Can the process of authenticating the user
to an
> > iis
> > > > > > server be proxied succesfully?
> > > > >
> > > > > so far, I think you just need to enable SPNEGO on you browser to
do
> > so
> > > > > (
> > > >
> > >
> >
> http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/tsec_SPNEGO_config_web.html
> > > > > <
> > > >
> > >
> >
> http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/tsec_SPNEGO_config_web.html
> > > > >)
> > > > >
> > > > > Of couse, this will be helpfull if you are just using a browser...
> > > > > Otherwise, your application will have to implement SPNEGO. FYI, we
> > have
> > > > > written a java codec for this protocol, but it has been sandboxed...
> > > > > Just tell us if you want it to be ressucitated.
> > > > >
> > > > >
> > > > > Emmanuel.
> > > > >
> > > > > >
> > > > > > Thanks for any input.
> > > > > >
> > > > > > Marc
> > > > > >
> > > > > >
> > > > > > On 6/1/07, Alex Karasulu <akarasulu@apache.org> wrote:
> > > > > >
> > > > > >> On 6/1/07, Emmanuel Lecharny <elecharny@gmail.com>
wrote:
> > > > > >>
> > > > > >> SNIP
> > > > > >>
> > > > > >> BasicAttributes to a more ldap compliant BasicAttributesImpl...)
> > > > > >>
> > > > > >>
> > > > > >> What about renaming  BasicAttributesImpl to just
> > LdapAttributes?  Of
> > > > > >> course
> > > > > >> not in the 1.0 branch which would break backwards compatibility
> > of
> > > > > >> partitions but in the 1.5 branch?  Guess really it's the
> 0.9.6branch
> > > > of
> > > > > >> shared for 1.5 of ApacheDS.
> > > > > >>
> > > > > >> Anyway this would be clearer no?
> > > > > >>
> > > > > >> Alex
> > > > > >>
> > > > > >
> > > > >
> > > > >
> > > >
> > >
> >
>

Mime
View raw message