Kerberized Apache
Richard E. Silverman
res at qoxp.net
Wed Feb 20 16:41:13 EST 2008
>>>>> "IL" == Ido Levy <IDOL at il.ibm.com> writes:
IL> kerberos-bounces at mit.edu wrote on 20/02/2008 03:38:09:
>> >
>> > Hello All,
>> >
>> > I am looking for a way to enable users to get access to their
>> space
IL> through
>> > the web browser. > I would like to integrate it with our
>> Kerberized SSO environment as
IL> well.
>> > I tried this module http://modauthkerb.sourceforge.net/ but I
>> have > encounter some issues:
>> >
>> > 1) I didn't succeed in configuring SSO
>> >
>> > For each access through the web browser I have been asked for
IL> user
>> > and password although > I already had a valid ticket
>>
>> Do you mean that you have a TGT, or that you acquired the necessary
>> HTTP service ticket?
IL> I referred to the TGT.
Then you have a basic problem: the browser is not trying or succeeding in
acquiring the service ticket. If you're using Firefox, you have to
explicitly turn on GSSAPI authentication by setting
network.negotiate-auth.trusted-uris. If this is turned on, trace the
Kerberos traffic (UDP/TCP port 88) and see what's happening.
>>
>> Take a look at the Apache error log; anything there from
>> mod_auth_kerb?>
IL> Nothing special here.
There won't be; since you have no service ticket, it can't try
ticket-based authentication.
>> > 2) The .htaccess file must be used to control access to each
>> directory.
>> >
>> > For each space I would like to give an access I have to create >
>> an .htaccess file and > add an entry in the apcahe configuration
>> file as well
>> >
>> > Does anyone have experience with this issue ? > Are there any
>> other Kerberos modules for apache that better suits my > needs ?
>>
>> -- Richard Silverman res at qoxp.net
>>
>> ________________________________________________ Kerberos mailing
>> list Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Richard Silverman
res at qoxp.net
More information about the Kerberos
mailing list