On Tue, 25 Mar 2003, Wyllys Ingersoll wrote: > Having "proper" Kerberos (or GSSAPI) authentication to the web server requires > a browser which also supports the authentication protocol and currently, as far as I > know, only Microsofts IE supports native GSSAPI authentication and it only works > when talking to an IIS web server.
This is correct. CMU has a browser plug-in for this purpose that goes along with a web server module. See: http://asg.web.cmu.edu/minotaur/ My experience is that it's better to have a solution that does not require a browser plug-in, since this presents a significant barrier to non-expert users. The University of Michigan tried a solution similar to CMU's back in 1995-1997, but this resulted in a lot of extra end-user support calls from users who had problems installing the browser plug-in or didn't know about the need for the browser plug-in at all. > > I was looking around some of the university sites to see if there was a kerberized > > web authentication modules available for testing. My impression was that they had > > been written but nothing publicly available to test. Two additional resources to add to the list: mod_auth_kerb for Apache supports server-side Kerberos 4 and 5 authentication via BasicAuth. http://modauthkerb.sourceforge.net/ cosign supports a Kerberos-enabled web single sign on solution via a secure CGI, Apache and IIS authentication filter modules, and a back-side daemon. Client webservers can receive Kerberos 5 TGTs for users from the central cosign server. Kerberos 4 support is provided via krb524d. Disclaimer: cosign is being written at the University of Michigan and I've contributed to the project, so I'm biased ;) cosign is currently functional, all that remains for a 1.0 release is to complete the documentation. See http://weblogin.org/ Mark Montague LS&A Information Technology The University of Michigan [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
