Am Sonntag, 28. Januar 2007 23:20 schrieb Michael B Allen: > On Sun, 28 Jan 2007 19:51:20 +0100 > > Stefan Gohmann <[EMAIL PROTECTED]> wrote: > > Hi Henry, > > > > Am Freitag, 26. Januar 2007 20:22 schrieb Henry B. Hotz: > > > I had an exchange with Jeffrey Altman on MIT's krbdev list where I > > > worked through all the config items in Mozilla relatives to make a > > > Windows client use the Kerberos libraries in KfW. You ought to be > > > able to find it with Google. It works. > > > > that's very nice. > > > > > MS IE will always use the Microsoft kerberos implementation and the > > > tickets in the LSA. > > > > Does that mean, it is not possible that the MS IE uses the ticket from > > the Heimdal KDC? > > Not quite. IE could get a ticket from a Heimdal KDC but it would only > do so by going through the Local Security Authoriy (LSA). Meaning, > if you could run Heimdal client libs on a Windows client and the libs > used some kind of ccache file, IE would not be able to use it. The > Heimdal port would have use the credential cache associated with the > logon session. Meaning it would have to have some LSA code to store and > retrieve credentials (code that MIT has and could largely be copied). > > Personally however I don't understand why someone would want to run > alternative Kerberos libraries on a Windows client. Unless perhaps you're > porting some *nix software that uses the MIT/Heimdal API maybe.
Thanks for your answer. Maybe it helps, if I explan what I want to do. I have a Linux server with Heimdal KDC, Samba3, Apache with mod_auth_kerb and a Windows XP Client, which is member in the Samba3 domain. After the user logon on the windows client the user should get a kerberos ticket, so that he could do a single sign on to the Apache server with his Internet Explorer. Do I have other options as using the KfW libraries? Cheers Stefan > Mike > > > Cheers > > Stefan > > > > > On Jan 21, 2007, at 10:11 PM, Stefan Gohmann wrote: > > > > Am Sonntag, 14. Januar 2007 01:08 schrieb Phil Pennock: > > > >> Myself, I don't have our Windows laptop use Kerberos to sign-in; > > > >> instead, I want it to be able to get Kerberos credentials after > > > >> sign-in > > > >> before access services. For that, I use MIT Kerberos for Windows, > > > >> which > > > >> I can confirm works on XP Home and XP Pro with a Heimdal KDC > > > >> (server). > > > >> It works with Firefox and Thunderbird, with appropriate about:config > > > >> tinkering, and with Mulberry (another free mail client). > > > > > > > > Is it possible, that the internet explorer also use these ticket? > > > > > > > > Cheers > > > > Stefan > > > > > > > > -- > > > > Stefan Gohmann Entwicklung [EMAIL PROTECTED] > > > > Univention GmbH Linux for your Business fon: +49 421 22 232- > > > > 0 Mary-Somerville-Str.1 28359 Bremen fax: +49 421 22 > > > > 232-99 http://www.univention.de > > > > > > ----------------------------------------------------------------------- > > >- The opinions expressed in this message are mine, > > > not those of Caltech, JPL, NASA, or the US Government. > > > [EMAIL PROTECTED], or [EMAIL PROTECTED] > > > > -- > > Stefan Gohmann Entwicklung [EMAIL PROTECTED] > > Univention GmbH Linux for your Business fon: +49 421 22 232- 0 > > Mary-Somerville-Str.1 28359 Bremen fax: +49 421 22 232-99 > > http://www.univention.de -- Stefan Gohmann Entwicklung [EMAIL PROTECTED] Univention GmbH Linux for your Business fon: +49 421 22 232- 0 Mary-Somerville-Str.1 28359 Bremen fax: +49 421 22 232-99 http://www.univention.de