lenya-user mailing list archives

From Rainer Schöpf <rainer.scho...@proteosys.com>
Subject Re: Support for Active Directory???
Date Thu, 17 Apr 2008 14:54:33 GMT
On Wed, 16 Apr 2008, Richard Frovarp wrote:

 > Rainer Schöpf wrote:
 > > On Wed, 16 Apr 2008, Andreas Hartmann wrote:
 > > 
 > >  > you find more information on this page:
 > >  > http://lenya.apache.org/docs/1_2_x/how-to/ldap_authentication.html
 > > 
 > > I'm a bit confused. If I understand this correctly, it does not use
 > > Kerberos for authentication. Or does it?
 > > 
 > >  Rainer
 > > 
 > >   
 > 
 > No, it uses LDAP authentication. I don't know if AD supports that or not.

You mean authentication via the LDAP bind operation, I suppose? This is 
supported by the AD LDAP server.

However, that is not what I meant. For good reasons, AD uses Kerberos for 
authentication, and LDAP bind with SPNEGO (i.e. GSS).

 > I
 > have hacked a version of the LDAP authentication to use LDAP and Kerberos. It
 > isn't that hard to do, and I could perhaps provide some example code on how
 > my stuff works.

Thanks, I'm definitely interested. I'm busy with something else right now, so 
I'll take up your offer later.

I'm looking for integrated authentication. Recently I found a very interesting 
paper on the port25 website, explaining how to integrate the Apache web server 
with mod_auth_kerberos and Windows Kerberos:

 http://port25.technet.com/archive/2008/01/25/technical-analysis-apache-with-mod-auth-kerb-and-windows-server.aspx

I have a working example in a test environment: with a valid Kerberos ticket I 
can access the protected area on my web site with IE from a Windows workstation 
and with Firefox from Linux. 

The next step would be to implement SPNEGO authentication for the servlet 
container. http://appliedcrypto.com has some papers on this.

 Rainer
