Web auth

David Magda dmagda+netnews at ee.ryerson.ca
Sat Apr 12 10:00:44 EDT 2003


s.zdrojewski at neticon.it (Sebastian Konstanty Zdrojewski) writes:

> I was thinking to use this solution. The application will run on a
> Linux box phisically located in a DMZ with an SSL layer installed
> to prevent sending plain text passwords.
[...]

You may want to look at: http://modauthkerb.sourceforge.net/

>From the FreeBSD Port pkg-descr:

        mod_auth_kerb is an Apache module for authenticating Web
        clients in a Kerberos v5 realm.  Because the Kerberos
        password is transmitted in plain text, this module MUST be
        used in conjunction with an encryption-capable Web server (by
        default, apache13-modssl).  There is no documentation
        provided; see the Web site for more details.  This package is
        built with the KRB5_VERIFY_TICKET and KRB5_SAVE_CREDENTIALS
        options, and *without* Kerberos v4 support.  In order to
        successfully authenticate users, the Web server will need a
        keytab file containing a key for the principal
        `www/my.host.name.example at MY.REALM.EXAMPLE' which is readable
        only by the user Apache runs as; the location of this keytab
        defaults to ${LOCALBASE}/etc/apache/keytab but can be
        modified in the server configuration.

-- 
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well 
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI


More information about the Kerberos mailing list