kerberos service (httpd using mod_auth_kerb) in DMZ
FM
dist-list at LEXUM.UMontreal.CA
Mon Nov 14 15:44:42 EST 2005
Thank you, I'll use HTTP as service name
there a PXI firewall but for now all ports are open from the server to
kerberos server and there is non nat.
Do I also need a princ host/... ? For now I just have the HTTP/
Achim Grolms wrote:
>On Monday 14 November 2005 20:43, you wrote:
>
>
>>Thanks for the reply,
>>
>>
>
>
>
>>you can use http if you add tu http conf : KrbServiceName "http"
>>
>>
>
>Yes, but you have to configure the Browser, too.
>Internet Exploder *always* sends "HTTP".
>That means "HTTP" is a de-facto standard if you
>don't want to exclude IE-Browsers from HTTP-Authentication.
>
>Have a look at
><http://www.kerberosprotocols.org/index.php/Draft-brezak-spnego-http-03.txt>:
>
>"When the Kerberos Version 5 GSSAPI mechanism [RFC-1964] is being
>used, the HTTP server will be using a principal name of the form of
>"HTTP/".
>
>BTW: is there a HTTP-proxy between Client and kerberized HTTP-Server?
>
>Achim
>________________________________________________
>Kerberos mailing list Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
More information about the Kerberos
mailing list