Kerberos Authentication via Apache

Scott Moseman scmoseman at gmail.com
Thu Jan 13 11:04:24 EST 2005


Achim Grolms wrote:
> >
> >> The website authenticates against the Windows domain.
> >> But it uses a pop-up box for the login authentication.
> >> I'm under the impression that it should use Kerberos
> >> tickets and get my domain login info without the need
> >> to request it from me.  I have seen it before, but I'm
> >> at a road block trying to figure out what I need to do.
> >
> > You want SPNEGO authentication.  I'm not sure if mod_auth_krb
> > can also do that as well as validate basic auth via Kerberos.
>
> mod_auth_kerb can do SPNEGO.
>
> Find my tutorial "using mod_auth_kerb and Windows 2000 as KDC"
> at <http://www.grolmsnet.de/kerbtut/>
>

Thanks, Achim, you indirectly helped me solved my problem.
All your steps are similar to the personal documentation I
created, but the link to setting up Kerberos Eventlogs via
my workstation solved my problem.  My Kerberos tickets were
created using the hostname of the server, but the website is
accessed via a virtual hostname.  It appears Kerberos wants
to use the virtual hostname in the Kerberos ticket, so I can
solve my problem by re-creating the tickets for this server.
Thanks,
Scott



More information about the Kerberos mailing list