[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: couple socket-connection questions

At 9:45 AM +1000 5/30/03, Luke Howard wrote:
>  >>That's one option, or draft-brezak-spnego-http-03.txt.
>>Actually I thought that was two options, not one, but who's counting?
>Does mod_auth_kerb actually do Kerberos authentication, though? Or
>just validation of a user's cleartext password?

Actually that's mod_auth_krb, not kerb.  They are different apache 
modules and the one without the 'e' is newer.  I found out about it 
from the PostgreSQL manual.  It claims to implement some Microsoft 
IETF-draft which is also supported by Mozilla for getting Kerberos 
credentials forwarded.  If the connection doesn't support the 
IETF-draft then it falls back to getting a name/password via basic 
auth.  With the right options apache will retain the (forwarded or 
created) tgt which can be used by mod_perl (or presumably PHP) to 
authenticate a connection with PostgreSQL.

I haven't actually *done* any of this you understand.  I'm just 
quoting web pages.

If it doesn't work I'm looking for alternatives.  If it does work, 
but it's incompatible with SOAP and people really want to do SOAP 
then I'm still looking for alternatives.  If it does work but doesn't 
cover all the different web browsers we need to support then I'm 
still looking for alternatives.  If. . . ;-)
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu