[19051] in Kerberos
Re: Web auth
daemon@ATHENA.MIT.EDU (David Magda)
Sat Apr 12 10:31:41 2003
From: David Magda <dmagda+netnews@ee.ryerson.ca>
Message-ID: <868yufvmr7.fsf@number6.magda.ca>
Date: 12 Apr 2003 10:00:44 -0400
To: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu
s.zdrojewski@neticon.it (Sebastian Konstanty Zdrojewski) writes:
> I was thinking to use this solution. The application will run on a
> Linux box physically located in a DMZ with an SSL layer installed
> to prevent sending plain text passwords.
[...]
You may want to look at: http://modauthkerb.sourceforge.net/
From the FreeBSD Port pkg-descr:
mod_auth_kerb is an Apache module for authenticating Web
clients in a Kerberos v5 realm. Because the Kerberos
password is transmitted in plain text, this module MUST be
used in conjunction with an encryption-capable Web server (by
default, apache13-modssl). There is no documentation
provided; see the Web site for more details. This package is
built with the KRB5_VERIFY_TICKET and KRB5_SAVE_CREDENTIALS
options, and *without* Kerberos v4 support. In order to
successfully authenticate users, the Web server will need a
keytab file containing a key for the principal
`www/my.host.name.example@MY.REALM.EXAMPLE' which is readable
only by the user Apache runs as; the location of this keytab
defaults to ${LOCALBASE}/etc/apache/keytab but can be
modified in the server configuration.
--
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
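An added example, not part of the original message or of mod_auth_kerb: a Python check for the keytab requirement in the quoted pkg-descr (a key for the service principal is present, and the file is accessible only to the user Apache runs as). It assumes the MIT keytab file format 0x0502 and unescaped principal names; `counted`, `keytab_principals`, `check_keytab` and `sample_keytab` are hypothetical names, and the sample keytab is constructed with a dummy key.

```python
import os
import stat
import struct

def counted(buf, off):
    """Read a uint16-length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def keytab_principals(data):
    """List the principals ('name/inst@REALM') in an MIT keytab, format 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    found, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:  # negative length marks a deleted entry (hole); skip it
            pos -= size
            continue
        entry, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        strings, off = [], 2
        for _ in range(ncomp + 1):  # realm first, then the name components
            text, off = counted(entry, off)
            strings.append(text)
        found.append("/".join(strings[1:]) + "@" + strings[0])
    return found

def check_keytab(path, principal, apache_uid):
    """Return a list of problems; an empty list means the keytab passes."""
    problems, st = [], os.stat(path)
    if st.st_uid != apache_uid:
        problems.append(f"owner uid {st.st_uid} is not the Apache uid {apache_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {stat.S_IMODE(st.st_mode):04o} grants group/other access")
    with open(path, "rb") as f:
        if principal not in keytab_principals(f.read()):
            problems.append(f"no key for {principal}")
    return problems

def sample_keytab(principal):
    """Constructed one-entry keytab with an all-zero dummy key (test data only)."""
    name, realm = principal.split("@")
    parts = [realm] + name.split("/")
    body = b"".join(struct.pack(">H", len(p)) + p.encode() for p in parts)
    tail = struct.pack(">IIBHH", 1, 0, 1, 18, 32) + bytes(32)
    entry = struct.pack(">H", len(parts) - 1) + body + tail
    return b"\x05\x02" + struct.pack(">i", len(entry)) + entry
```

Call `check_keytab` with the keytab path from the server configuration and the numeric uid of the Apache user; any returned string is a finding to fix before enabling the module.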