[30460] in Kerberos

Re: Kerberos protocol transition for linux?

daemon@ATHENA.MIT.EDU (Michael B Allen)
Wed Nov 19 11:08:29 2008

Message-ID: <78c6bd860811190807i28e4fe0fr101c8417c550ee87@mail.gmail.com>
Date: Wed, 19 Nov 2008 11:07:36 -0500
From: "Michael B Allen" <ioplex@gmail.com>
To: kerberos@mit.edu
In-Reply-To: <492331e7$0$1080$4fafbaef@reader1.news.tin.it>

On Tue, Nov 18, 2008 at 4:21 PM, S2 <some.r@ndom.mail.invalid> wrote:
> Hello all!
> In our small corporate we decided some time ago that in our intranet
> "all" (when possible) services we write should use Kerberos to
> authenticate the users. This way we can have a central location to store
> all identities and we can propagate the user identity from service to
> service using forwardable tickets (well... this is what Kerberos was
> designed for :)).
> As it happens to be, some of our applications need to be accessed from
> the evil internet, and the users accessing them can't access our KDC to
> get a TGT, so we use Microsoft's ISA server to make the transition from
> Forms Based authentication to Kerberos tickets. Let me explain this part
> just to be sure we are talking about the same stuff: ISA shows the user a
> form asking for a username and a password, uses these credentials to get a
> TGT from the KDC and then uses that ticket to authenticate to the
> applications in our intranet on behalf of the user. ISA keeps a list of
> SSO-Cookie-Values and Kerberos tokens, so it can talk cookies to the user
> and Kerberos to the backend applications.
> Now my question: is there something like this for Linux?

If you have PHP see the link in my sig about Plexcel. It certainly
could do what you describe.

Mike

PS: The '.invalid' address in your email actually stops gmail from
sending directly to you. You might want to try a valid TLD.

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos