httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [users@httpd] SPNEGO module for Apache
Date Thu, 17 Mar 2005 23:27:23 GMT

I was wondering if anyone has encountered any security concern/issues while
implementing Vintela's SPNEGO < >.  SPNEGO provides a
single-sign-on in a KERBEROS enabled environment. Basically it allows web
applications to automatically authenticate clients who have valid Kerberos

I am planning to install the mod_spnego module on a apache server, that
will enable the client to single-sign-on to our internal application, if
they are part of our AD.

One possible concern is the increase of CSRF type of attacks, but that is
the case with any single-sign-on solution.

There is also the mod_spnego available on any experiences
with that?

Saqib Ali

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message