[36383] in Kerberos
Re: Announcing mod_auth_gssapi
daemon@ATHENA.MIT.EDU (Chris Hecker)
Thu Aug 14 18:29:20 2014
MIME-Version: 1.0
In-Reply-To: <8761hulnj8.fsf@hope.eyrie.org>
Date: Thu, 14 Aug 2014 15:29:03 -0700
Message-ID: <CAOdMLc1evTO8aus9W-SEN9Ww+xB4LtetNaaKMfXJ1HBrpB8WNA@mail.gmail.com>
From: Chris Hecker <checker@d6.com>
To: Russ Allbery <eagle@eyrie.org>
Cc: Simo Sorce <simo@redhat.com>, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
By being gss-only, do you mean the module, or clients must use gss as well?
Chris
On Aug 14, 2014 3:24 PM, "Russ Allbery" <eagle@eyrie.org> wrote:
> Simo Sorce <simo@redhat.com> writes:
>
> > I have recently released a new module for Apache called mod_auth_gssapi
> > to modernize a little bit on the ancient and substantially unmaintained
> > mod_auth_kerb.
>
> > The code is here on github[1] for now, and packages will soon be
> > available for Fedora (and any other distro that wants to pick it up).
>
> > Highlights are:
> > - uses exclusively GSSAPI calls
> > - requires a modern MIT Kerberos version (at least 1.11)
> > - supports storing a bearer token in a secure, http-only, session cookie
> > automatically to avoid multiple round-trips in applications
> > - support enforcing the use of a TLS connection
> > - experimental support for channel bindings (depends on an unaccepted
> > Apache patch and browser support).
> > - optionally exports delegated credentials to support s4u2proxy based
> > operations in web applications
>
> > I had fun coding this, which started as an experiment on a boring plane
> > trip, I hope it can be of use to others.
>
> Oh, excellent! I'd been meaning to do the same thing for years and never
> got to it, so I'm very glad you did. That sounds very interesting! Thank
> you!
>
> --
> Russ Allbery (eagle@eyrie.org) <http://www.eyrie.org/~eagle/>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
