kerberos service (httpd using mod_auth_kerb) in DMZ
Achim Grolms
kerberosml at grolmsnet.de
Mon Nov 14 15:28:29 EST 2005
On Monday 14 November 2005 20:43, you wrote:
> Thanks for the reply,
> you can use http if you add tu http conf : KrbServiceName "http"
Yes, but you have to configure the Browser, too.
Internet Exploder *always* sends "HTTP".
That means "HTTP" is a de-facto standard if you
don't want to exclude IE-Browsers from HTTP-Authentication.
Have a look at
<http://www.kerberosprotocols.org/index.php/Draft-brezak-spnego-http-03.txt>:
"When the Kerberos Version 5 GSSAPI mechanism [RFC-1964] is being
used, the HTTP server will be using a principal name of the form of
"HTTP/".
BTW: is there a HTTP-proxy between Client and kerberized HTTP-Server?
Achim
More information about the Kerberos
mailing list