[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos support in standard services

On Wed, 2005-07-06 at 23:30 -0400, Karsten K√ľnne wrote:
> On Wednesday 06 July 2005 20:16, sxw@dcs.ed.ac.uk wrote:
> > On Thu, 7 Jul 2005, Brian May wrote:
> >
> > > Once-upon-a-time there was an Apache module for Kerberos
> > > authentication. It seemed a bit pointless at the time, because no
> > > clients supported it. Also SASL would be better... What is the current
> > > status of this module. Does it still exist?
> >
> > Possibly not the module you're thinking of (there were a number of
> > mod_auth_kerb auth modules that just took the user's password and slung it
> > at the KDC - not really real Kerberos). But there is now code to support
> > Microsoft's HTTP-Negotiate mechanism (GSSAPI/SPNEGO/Kerberos HTTP
> > authentication) as an Apache module. HTTP-Negotiate is also supported in
> > recent Mozilla and Firefox builds.
> >
> The Apache module (mod_auth_kerb) works very well. On the client side 
> HTTP-Negotiate authentication is also available in Konqueror (actually it's 
> in the kio_http ioslave) and I also hacked it into Lynx (but I never got 
> around to send patches back).

Mozilla Firefox has such support, including interestingly support for
this in for proxy authentication (proxy auth in the snapshots, not the
1.0 release).

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

This is a digitally signed message part