On Wed, 12 Mar 2003, Bill Stoddard wrote:
Anyone have any first hand experience with kerberos authentication in the server?
.. well - we have ripped code out of telnet(d) from KTH-their Heimdal's on *BSD to do this for a finance customer - who had some (silly but golden) policy which made kerberos the only acceptable auth method across certain internal network boundaries.
But we only did auth; nothing else; and only between an apache server and an apache proxy. Not between server and client. Nor did we anything like the '-x' from telnetd for encryption.
It worked well, fast and reliable - which was a surprize as the use you now make of Kerberos is quite different than say, for telnet or an x-display; lots of concurrent auths for lots of connections.
See also
http://modauthkerb.sourceforge.net/
which is a local kerb auth (i.e. the password goes basic auth over http) and
http://meta.cesnet.cz/software/heimdal/mod_auth_kerb.c
which is a hack on the above for the real thing. (It is listed on that page - but not linked in).
Do you need it for anything specific ? Can I help ?
I got a question from a collegue about getting 'Negotiate' working with IE. My short answer was 'I have no idea' but it looked interesting enough to ask the folks on [EMAIL PROTECTED]
Bill
