authenticating arbitrary service via web auth...

Karl Pitrich karl.pitrich at fabasoft.com
Wed May 28 05:26:06 EDT 2003


hi all,

following scenario:

web browser -> http server/CGI -> CGI-application using kerberos to 
                                  connect to proprietary RPC on port x.


the RPC service is hosted in s2k and linux.
on w2k, i added a user to the activedirectory and used
ktpass --princ RPCSERVICE at REALM -mapuser RPCUSR .. etc.
to create a keytab which i imported in my local keytab.
this works, as long as i kinit the machine and user running the http
server. (not apache, btw.)

how would be te simplest/sanest way to authenticate such a setup
via the WWW-Auth entered by the user at the browser?
(i just dont get it how mod_auth_krb does this on apache)

is it always necessary to get a ticket?

what would be the correct way to grant using a service via a http/cgi
server to several users within a kerberos realm?
                                  


manyTIA,


karl

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20030528/163ab364/attachment.bin


More information about the Kerberos mailing list