kerberos service (httpd using mod_auth_kerb) in DMZ

Achim Grolms kerberosml at grolmsnet.de
Mon Nov 14 15:28:29 EST 2005


On Monday 14 November 2005 20:43, you wrote:
> Thanks for the reply,

> you can use http if you add tu http conf :  KrbServiceName  "http"

Yes, but you have to configure the Browser, too.
Internet Exploder *always* sends "HTTP".
That means "HTTP" is a de-facto standard if you
don't want to exclude IE-Browsers from HTTP-Authentication.

Have a look at 
<http://www.kerberosprotocols.org/index.php/Draft-brezak-spnego-http-03.txt>:

"When the Kerberos Version 5 GSSAPI mechanism [RFC-1964] is being 
used, the HTTP server will be using a principal name of the form of 
"HTTP/".

BTW: is there a HTTP-proxy between Client and kerberized HTTP-Server?

Achim


More information about the Kerberos mailing list