httpd-dev mailing list archives

From Bill Stoddard <b...@wstoddard.com>
Subject Re: Kerberos authentication
Date Thu, 13 Mar 2003 13:52:59 GMT
Dirk-Willem van Gulik wrote:
> 
> On Wed, 12 Mar 2003, Bill Stoddard wrote:
> 
> 
>>Anyone have any first hand experience with kerberos authentication in
>>the server?
> 
> 
> .. well - we have ripped code out of telnet(d) from KTH-their Heimdal's on
> *BSD to do this for a finance customer - who had some (silly but golden)
> policy which made kerberos the only acceptable auth method across certain
> internal network boundaries.
> 
> But we only did auth; nothing else; and only between an apache server and
> an apache proxy. Not between server and client. Nor did we do anything like
> the '-x' from telnetd for encryption.
> 
> It worked well, fast and reliable - which was a surprise as the use you
> now make of Kerberos is quite different than say, for telnet or an
> x-display; lots of concurrent auths for lots of connections.
> 
> See also
> 
> 	http://modauthkerb.sourceforge.net/
> 
> which is a local kerb auth (i.e. the password goes basic auth over http)
> and
> 
> 	http://meta.cesnet.cz/software/heimdal/mod_auth_kerb.c
> 
> which is a hack on the above for the real thing. (It is listed on that
> page - but not linked in).
> 
> Do you need it for anything specific? Can I help?
> 

I got a question from a colleague about getting 'Negotiate' working with 
IE. My short answer was 'I have no idea' but it looked interesting 
enough to ask the folks on dev@httpd.

Bill


