--On Tuesday, December 12, 2006 12:51 PM -0500 Adam Williams
<[EMAIL PROTECTED]> wrote:
and the web site in the middle must forward
them back and forth, including protocol conversion between whatever the
User Agent implements (HTTP digest authentication?) and the SASL library
in the LDAP.
Not likely.
I would guess that there is no ready solution for this but
I admit that I know little of web site programming and the libraries
that might be available there.
Nope.
Stanford University's webauth allows the server to make SASL/GSSAPI binds
to the LDAP server, and check whether or not the user is allowed access to
the particular location based on group membership. It simply does a user
verification if it is ID restricted to kerberos. And it allows SPNEGO for
those browsers that support it so that the user doesn't have to type in
their username/password in those cases.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
---
You are currently subscribed to [email protected] as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the
SUBJECT of the message.
