Nikola Milutinovic wrote:
Wyllys Ingersoll wrote:

Travis Crawford wrote:

What Apache module(s) are compatible with the Kerberos implementation
in Mozilla 1.7b? A couple modules are available: mod_auth_kerb and
mod_auth_gss_krb5.

So far I set up mod_auth_kerb and can login by entering my username
and password in the browser, but it's not automatic. I haven't tried
mod_auth_gss_krb5 because it seems a bit rough around the edges.
What's the recommended way to configure your Apache web server for
Kerberos authentication through Mozilla? Thanks.


Any comment on these various modules?

I ran into Kerberos mods for Apache, but they were not using HTTP/NEGOTIATE, but HTTP/BASIC, and Apache was acting as a Kerberos client, not server. The one that lets Apache act as a server and the browser act like a Kerberos client is mod_negotiate. It is for MIT Kerberos and I'm taking some time converting it to Heimdal.

Any module that just has the server authenticating on behalf of the client and involves sending name/password over the wire with Basic auth is just not very interesting (at least to me).

Also, as far as I can tell, "mod_negotiate" is used for negotiating
some sort of HTML content; it's not related to authentication negotiation
at all. Perhaps I didn't find the right module though.

Daniel Kouril's mod_auth_kerb is a pretty good implementation and
does the "right thing" w.r.t using GSSAPI authentication correctly.
It does have a fallback scenario where it will use Basic auth
to then request tickets on behalf of the client, but that can be
removed easily enough.

-Wyllys
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
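
The Basic fallback mentioned in the last message, as an added example that is not part of the thread or of mod_auth_kerb: a Python check that flags Kerberos-protected blocks in an Apache config where password fallback is still enabled. It assumes mod_auth_kerb's `KrbMethodNegotiate` and `KrbMethodK5Passwd` directives, both on by default; the sample config and the `audit` helper are constructed for illustration.

```python
import re

# Constructed sample config; locations are placeholders, not from the thread.
SAMPLE_CONF = """
<Location /fallback>
    AuthType Kerberos
    Require valid-user
</Location>
<Location /negotiate-only>
    AuthType Kerberos
    KrbMethodNegotiate on
    KrbMethodK5Passwd off
    Require valid-user
</Location>
<Location /public>
    Options None
</Location>
"""
# Assumed mod_auth_kerb defaults: both methods on unless configured otherwise.
DEFAULTS = {"krbmethodnegotiate": "on", "krbmethodk5passwd": "on"}
BLOCK = re.compile(r"<(Location|Directory)\s+([^>]+)>(.*?)</\1>", re.S | re.I)

def audit(conf):
    """Return {path: [findings]} for every block that uses AuthType Kerberos."""
    report = {}
    for _tag, path, body in BLOCK.findall(conf):
        settings, kerberos = dict(DEFAULTS), False
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if len(parts) != 2 or parts[0].startswith("#"):
                continue  # blank line, bare directive or comment
            key, value = parts[0].lower(), parts[1].strip().lower()
            if key == "authtype" and value == "kerberos":
                kerberos = True
            elif key in settings:
                settings[key] = value
        if not kerberos:
            continue  # block is not protected by mod_auth_kerb
        findings = []
        if settings["krbmethodk5passwd"] != "off":
            findings.append("Basic password fallback enabled")
        if settings["krbmethodnegotiate"] != "on":
            findings.append("Negotiate (GSSAPI) disabled")
        report[path.strip().strip('"')] = findings
    return report

if __name__ == "__main__":
    for path, findings in audit(SAMPLE_CONF).items():
        print(path, findings or "ok")
```
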
