Web auth
David Magda
dmagda+netnews at ee.ryerson.ca
Sat Apr 12 10:00:44 EDT 2003
s.zdrojewski at neticon.it (Sebastian Konstanty Zdrojewski) writes:
> I was thinking to use this solution. The application will run on a
> Linux box physically located in a DMZ with an SSL layer installed
> to prevent sending plain text passwords.
[...]
You may want to look at: http://modauthkerb.sourceforge.net/
From the FreeBSD Port pkg-descr:
mod_auth_kerb is an Apache module for authenticating Web
clients in a Kerberos v5 realm. Because the Kerberos
password is transmitted in plain text, this module MUST be
used in conjunction with an encryption-capable Web server (by
default, apache13-modssl). There is no documentation
provided; see the Web site for more details. This package is
built with the KRB5_VERIFY_TICKET and KRB5_SAVE_CREDENTIALS
options, and *without* Kerberos v4 support. In order to
successfully authenticate users, the Web server will need a
keytab file containing a key for the principal
`www/my.host.name.example at MY.REALM.EXAMPLE' which is readable
only by the user Apache runs as; the location of this keytab
defaults to ${LOCALBASE}/etc/apache/keytab but can be
modified in the server configuration.
--
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI