On Thursday 24 Feb 2011 07:56:13 john s. wrote: > So recap aggain : > > - Apache Server with an kerberos module ( which?)
mod_auth_kerb > - configure RT for kerberosmodule for apache > - and an entry in htacess for athentification with the AD > - an browser entry to get access to rt-server ( work ip's adresses also?) Kerberos will attempt a reverse DNS lookup on the IP address to determine which principal name it should use for authenticating the server. (Kerberos provides mutual authentication; it insists on verifying that the server is the correct server as well as providing the users own credentials.) In practice, you either need fully working forward and reverse DNS, or you need a fairly deep understanding of how Kerberos works so you can figure out which bits of DNS you could safely omit. > How is this procedure called?... if i searching in the the net i only found > methods to authentificate via kerberos without the windows logon. > *confusing A Windows Active Directory logon *is* a Kerberos logon, since AD uses Kerberos. By logging on to an Active Directory domain, you already have Kerberos credentials. By configuring your web server and browser as I outlined previously, you can instruct Windows to pass on these credentials to the web server transparently. Everything will (eventually) appear to work magically. :) Michael
