On Wed, 16 Apr 2008, Richard Frovarp wrote: > Rainer Schöpf wrote: > > On Wed, 16 Apr 2008, Andreas Hartmann wrote: > > > > > you find more information on this page: > > > http://lenya.apache.org/docs/1_2_x/how-to/ldap_authentication.html > > > > I'm a bit confused. If I understand this correctly, it does not use > > Kerberos for authenticaion. Or does it? > > > > Rainer > > > > > > No, it uses LDAP authentication. I don't know if AD supports that or not.
You mean authentication via the LDAP bind operation, I suppose? This is supported by the AD LDAP server. However, that is not what I meant. For good reasons, AD uses Kerberos for authentication, and LDAP bind with SPNEGO (ie. GSS). > I > have hacked a version of the LDAP authentication to use LDAP and Kerberos. It > isn't that hard to do, and I could perhaps provide some example code on how > my stuff works. Thanks, I'm definitely interested. I'm busy with something else right now, so I'll take up your offer later. I'm looking for integrated authentication. Recently I found a very interesting paper on the port25 website, explaining how to integrate the apache webserver with mod_auth_kerberos and Windows Kerberos: http://port25.technet.com/archive/2008/01/25/technical-analysis-apache-with-mod-auth-kerb-and-windows-server.aspx I have a working example in a test environment: with a valid Kerberos ticket I can access the protected area on my web site with IE from a Windows workstation and with Firefox from Linux. The next step would be implement SPNEGO authentication for the servlet container. http://appliedcrypto.com has some papers on this. Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
