Dear Abbas, > I really need SPNEGO Kerberos authentication with mod_auth_kerb. > > I have followed the excellent tutorial on how to set this at > http://www.grolmsnet.de/kerbtut/
Very good link, thanks. > > but still, the HTTP header file has > > WWW-Authenticate negotiate > WWW-Authenticate Basic realm="Kerberos Login" > > and asks the user to enter his username and password. > >From my experience (using IIS/IE only, YMMV) if the server proposes both Negotiate and Basic, the browser will use Negotiate if possible. If it can't use Negotiate then the client will fall back to Basic and prompt for user and password. > <snip> > I believe I need to set: > KrbMethodNegotiate on > KrbMethodK5Passwd off > > and place my webserver in the intranet zone in IE. This is correct, as per the link you sent: "KrbMethodNegotiate controls if your webserver uses SPNEGO Kerberos. KrbMethodK5Passwd controls if your webserver uses BasicAuth with KDC as userdatabase" Set KrbMethodK5Passwd to off to avoid being prompted for user and password. Of course that this will make impossible for users not authenticated on Kerberos to access the resources. > Please let me know, so that when i go to work tomorrow i can implement > these changes. > thanks. Hope that helps. Regards, Silvio Gissi ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
