On Tue, Nov 18, 2008 at 4:21 PM, S2 <[EMAIL PROTECTED]> wrote: > Hallo all! > In our small corporate we decided some time ago that in our intranet > "all" (when possible) services we write should use kerberos to > authenticate the users. This way we can have a central location to store > all identities and we can propagate the user identity from service to > service using forwardable tickets (well... this is what kerberos was > designed for :)). > As it happens to be, some of our applications need to be accessed from > the evil internet, and the users accessing them can't access our KDC to > get a TGT, so we use Microsofts ISA server to make the transition from > Forms Based authentication to kerberos tickets. Let me explain this part > just to be sure we are talking about the same stuff: ISA shows the user a > form asking for a username and a password, uses this credentials to get a > TGT from the KDC and then uses that ticket to authenticate to the > applications in our intranet on behalf of the user. ISA keeps a list of > SSO-Cookie-Values and kerberos tokens, so it can talk cookies to the user > and kerberos to the backend applications. > Now my question: is there something like this for linux?
If you have PHP see the link in my sig about Plexcel. It certainly could do what you describe. Mike PS: The '.invalid' address in your email actually stops gmail from sending directly to you. You might want to try a valid TLD. -- Michael B Allen PHP Active Directory SPNEGO SSO http://www.ioplex.com/ ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
