[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos support in standard services



On Wed, 2005-07-06 at 23:30 -0400, Karsten K√ľnne wrote:
> On Wednesday 06 July 2005 20:16, sxw@dcs.ed.ac.uk wrote:
> > On Thu, 7 Jul 2005, Brian May wrote:
> >
> > > Once-upon-a-time there was an Apache module for Kerberos
> > > authentication. It seemed a bit pointless at the time, because no
> > > clients supported it. Also SASL would be better... What is the current
> > > status of this module. Does it still exist?
> >
> > Possibly not the module you're thinking of (there were a number of
> > mod_auth_kerb auth modules that just took the user's password and slung it
> > at the KDC - not really real Kerberos). But there is now code to support
> > Microsoft's HTTP-Negotiate mechanism (GSSAPI/SPNEGO/Kerberos HTTP
> > authentication) as an Apache module. HTTP-Negotiate is also supported in
> > recent Mozilla and Firefox builds.
> >
> 
> The Apache module (mod_auth_kerb) works very well. On the client side 
> HTTP-Negotiate authentication is also available in Konqueror (actually it's 
> in the kio_http ioslave) and I also hacked it into Lynx (but I never got 
> around to send patches back).

Mozilla Firefox has such support, including interestingly support for
this in for proxy authentication (proxy auth in the snapshots, not the
1.0 release).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

This is a digitally signed message part