[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: couple socket-connection questions
At 9:45 AM +1000 5/30/03, Luke Howard wrote:
> >>That's one option, or draft-brezak-spnego-http-03.txt.
>>Actually I thought that was two options, not one, but who's counting?
>Does mod_auth_kerb actually do Kerberos authentication, though? Or
>just validation of a user's cleartext password?
Actually that's mod_auth_krb, not kerb. They are different apache
modules and the one without the 'e' is newer. I found out about it
from the PostgreSQL manual. It claims to implement some Microsoft
IETF-draft which is also supported by Mozilla for getting Kerberos
credentials forwarded. If the connection doesn't support the
IETF-draft then it falls back to getting a name/password via basic
auth. With the right options apache will retain the (forwarded or
created) tgt which can be used by mod_perl (or presumably PHP) to
authenticate a connection with PostgreSQL.
I haven't actually *done* any of this you understand. I'm just
quoting web pages.
If it doesn't work I'm looking for alternatives. If it does work,
but it's incompatible with SOAP and people really want to do SOAP
then I'm still looking for alternatives. If it does work but doesn't
cover all the different web browsers we need to support then I'm
still looking for alternatives. If. . . ;-)
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or email@example.com