kerberos for Microsoft IIS/any http server?

Frank Balluffi fballuffi at hotmail.com
Tue Nov 25 22:34:23 EST 2003


Sanjay,

You should also check out http://sourceforge.net/projects/modgssapache/ and 
http://sourceforge.net/projects/modauthkerb.

I recently added support for Apache 1.3 to mod_spnego, which is part of 
http://sourceforge.net/projects/modgssapache/. After these changes are 
tested on Linux, documented (in mod_spnego/readme.txt) and packaged (which 
should happen next week), mod_spnego will support Apache 1.3 and 2.0 on 
Linux, Solaris and Windows.

Frank

>From: Wyllys Ingersoll <wyllys.ingersoll at sun.com>
>Reply-To: wyllys.ingersoll at sun.com
>To: Sanjay <sanjay at cisco.com>
>CC: kerberos at MIT.EDU
>Subject: Re: kerberos for Microsoft IIS/any http server?
>Date: 25 Nov 2003 16:56:40 -0500
>
>
>Check out http://negotiateauth.mozdev.org
>This guy has an extension for mozilla for supporting
>Microsoft's Negotiate mechanism.  However, his version
>currently only supports Heimdal's Kerberos/GSSAPI.
>This site also has links to Apache plugins which support
>the IIS negotiate method.
>
>Also take a look at
>http://bugzilla.mozilla.org/show_bug.cgi?id=17578
>
>I posted a more generalized patch for Mozilla which *should*
>be able to compile with Heimdal, MIT, or Solaris Kerberos
>implementations.  It likely will not appear in Mozilla
>until release 1.7, though.  In the meantime, extensions for
>Mozilla 1.5 (and 1.6) should start appearing sometime
>in the near future.
>
>You don't mention what browser you are using or
>what OS platform you are using.
>
>-Wyllys
>
>
>
>
>On Mon, 2003-11-24 at 15:10, Sanjay wrote:
> > Hi,
> >
> > Is there a simple howto on getting a Win2K client, logged on to Active
> > Directory (AD) domain, get a file from IIS server (running on AD server)
> > with Kerberos authentication ..?
> >
> > -- IIS server is running on the Active Directory server (win2k domain
> > server).
> > Win2k Server, SP2
> > IIS 5.0
> > -- Win2K client is having SP2 & IE 5.5 SP2.
> >
> > With network tracing, I see IIS sends back WWW-Authenticate headers of
> > Negotiate first, and then NTLM, but for some reason, Win2k client picks 
>up
> > the NTLM related handshake, not Negotiate.
> >
> > During Windows logon on this client, I made sure that I use a sample 
>user
> > login from the above AD domain, and also made sure that Kerberos was
> > exchanged between the client and AD KDC server.
> >
> > Now, how do I get the Kerberos handshake going over HTTP against IIS 
>that is
> > running on the same AD server ?
> >
> > Anyone got this going against any other HTTP server (Apache?)
> >
> > tia,
> > Sanjay
> >
> >
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
>--
>Wyllys Ingersoll <wyllys.ingersoll at sun.com>
>
>________________________________________________
>Kerberos mailing list           Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos

_________________________________________________________________
Say “goodbye” to busy signals and slow downloads with a high-speed Internet 
connection! Prices start at less than $1 a day average.  
https://broadband.msn.com (Prices may vary by service area.)



More information about the Kerberos mailing list