[23968] in Kerberos
Re: kerberos authentication for apache on windows
daemon@ATHENA.MIT.EDU (Klavs Klavsen)
Thu Jun 2 08:17:03 2005
Message-ID: <429EF8AB.2030105@vsen.dk>
Date: Thu, 02 Jun 2005 14:16:43 +0200
From: Klavs Klavsen <kl@vsen.dk>
MIME-Version: 1.0
To: Julien ALLANOS <julien.allanos@aql.fr>
In-Reply-To: <20050602124858.o5gpf3m3bx4cg488@webmail.aql.fr>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
Hi Julien,
I have it working with the modgssapache module - although I'm not sure
that apache module works on anything but Unix (I've used it on FreeBSD
without problems).
The nice thing about it, is that it supports single-sign-on - as I
understand it, mod_auth_kerb does not.
on 06/02/05 12:48 Julien ALLANOS wrote:
> Hello,
>
> I'm new to kerberos, and I want to know if the following configuration is
> possible:
>
> I have an Apache2 web server running on Windows 2003 Server, and I want to
> authenticate users with kerberos before they can access to the web server
> content. The kdc service seems to be up and running on the Windows 2003 server.
>
> 1/ how can I check that a client (Windows XP) that has just logged into the
> domain, has been given a TGT?
>
> Now I have to "kerberize" the Apache server. I found mod_auth_krb
> (http://modauthkerb.sourceforge.net/). To compile it for Windows, I need
> headers and libs for a Kerberos implementation.
>
> 2/ Can I use Windows implementation to compile it? Or do I have to install
> another Kerberos implementation (such as MIT for Windows 2.6.5) in order to
> build it?
>
> 3/ How can I be sure only Kerberos is used (and not NTLM)?
>
> Thanks for any information.
--
Regards,
Klavs Klavsen, GSEC - kl@vsen.dk - http://www.vsen.dk
PGP: 7E063C62/2873 188C 968E 600D D8F8 B8DA 3D3A 0B79 7E06 3C62
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos