Nope. I know that the process of browser-->iis works, I wanted to put a proxy in between. Browser<-->http proxy<-->iis
I know all of the spengo stuff is done in headers so I think its ok but I know this list has a lot of kereros knowledge so I wanted to get some input on if the proxy would interfere with the authentication process. Thanks Marc On 6/1/07, Alex Karasulu <[EMAIL PROTECTED]> wrote:
SPNEGO does this. Alex On 6/1/07, Marc Boorshtein <[EMAIL PROTECTED]> wrote: > > Thanks > > What I'm actually doing is trying to proxy the ticket as part of an > http request/response but I thought I had heard that kerberos tickets > could not be proxied unchanged. It sounds like that's not the case. > Ill read those links. > > Thanks! > Marc > > On 6/1/07, Emmanuel Lecharny <[EMAIL PROTECTED]> wrote: > > Marc Boorshtein a écrit : > > > > > All, > > > > Hi Marc, > > > > > > > > I've got an kerberos question when cobined with integrated windows > > > authentication. Can the process of authenticating the user to an iis > > > server be proxied succesfully? > > > > so far, I think you just need to enable SPNEGO on you browser to do so > > ( > http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/tsec_SPNEGO_config_web.html > > < > http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/tsec_SPNEGO_config_web.html > >) > > > > Of couse, this will be helpfull if you are just using a browser... > > Otherwise, your application will have to implement SPNEGO. FYI, we have > > written a java codec for this protocol, but it has been sandboxed... > > Just tell us if you want it to be ressucitated. > > > > > > Emmanuel. > > > > > > > > Thanks for any input. > > > > > > Marc > > > > > > > > > On 6/1/07, Alex Karasulu <[EMAIL PROTECTED]> wrote: > > > > > >> On 6/1/07, Emmanuel Lecharny <[EMAIL PROTECTED]> wrote: > > >> > > >> SNIP > > >> > > >> BasicAttributes to a more ldap compliant BasicAttributesImpl...) > > >> > > >> > > >> What about renaming BasicAttributesImpl to just LdapAttributes? Of > > >> course > > >> not in the 1.0 branch which would break backwards compatibility of > > >> partitions but in the 1.5 branch? Guess really it's the 0.9.6 branch > of > > >> shared for 1.5 of ApacheDS. > > >> > > >> Anyway this would be clearer no? > > >> > > >> Alex > > >> > > > > > > > >
