Kerberos protocol transition for linux?

Michael B Allen ioplex at gmail.com
Wed Nov 19 11:07:36 EST 2008


On Tue, Nov 18, 2008 at 4:21 PM, S2 <some.r at ndom.mail.invalid> wrote:
> Hello all!
> In our small corporate we decided some time ago that in our intranet
> "all" (when possible) services we write should use Kerberos to
> authenticate the users. This way we can have a central location to store
> all identities and we can propagate the user identity from service to
> service using forwardable tickets (well... this is what Kerberos was
> designed for :)).
> As it happens to be, some of our applications need to be accessed from
> the evil internet, and the users accessing them can't access our KDC to
> get a TGT, so we use Microsoft's ISA server to make the transition from
> Forms Based authentication to Kerberos tickets. Let me explain this part
> just to be sure we are talking about the same stuff: ISA shows the user a
> form asking for a username and a password, uses these credentials to get a
> TGT from the KDC and then uses that ticket to authenticate to the
> applications in our intranet on behalf of the user. ISA keeps a list of
> SSO-Cookie-Values and Kerberos tokens, so it can talk cookies to the user
> and Kerberos to the backend applications.
> Now my question: is there something like this for Linux?

If you have PHP, see the link in my sig about Plexcel. It certainly
could do what you describe.

Mike

PS: The '.invalid' address in your email actually stops gmail from
sending directly to you. You might want to try a valid TLD.

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
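
The gateway pattern described in the quoted question (form login, TGT acquisition, a table of cookie values and Kerberos credentials), as an added example that is not part of the original thread and is not Plexcel's or ISA's code. It assumes MIT `kinit` on the gateway host; `TransitionGateway`, `kinit_with_password` and the `krbgw-` prefix are hypothetical names.

```python
import os
import secrets
import subprocess
import tempfile
import time

def kinit_with_password(principal, password, ccache):
    """Get a TGT into `ccache`. Assumes MIT kinit, which reads the password
    from stdin when stdin is not a terminal (so it never appears in argv)."""
    try:
        proc = subprocess.run(["kinit", "-c", "FILE:" + ccache, principal],
                              input=(password + "\n").encode(),
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except FileNotFoundError:              # kinit not installed on this host
        return False
    return proc.returncode == 0

class TransitionGateway:
    """Hypothetical cookie-to-credential-cache table for a forms-to-Kerberos gateway."""
    def __init__(self, acquire_tgt=kinit_with_password, lifetime=8 * 3600):
        self._acquire = acquire_tgt
        self._lifetime = lifetime          # keep <= the realm's ticket lifetime
        self._dir = tempfile.mkdtemp(prefix="krbgw-")  # created with mode 0700
        self._sessions = {}                # cookie -> (ccache path, expiry)

    def login(self, principal, password):
        """Return a new opaque cookie value, or None if the login is rejected."""
        ccache = os.path.join(self._dir, secrets.token_hex(16))
        if not self._acquire(principal, password, ccache):
            return None
        cookie = secrets.token_urlsafe(32)  # random; carries no user data
        self._sessions[cookie] = (ccache, time.time() + self._lifetime)
        return cookie

    def backend_env(self, cookie):
        """Environment for a GSSAPI client acting for this session, or None."""
        entry = self._sessions.get(cookie)
        if entry is None:
            return None
        if time.time() >= entry[1]:
            self.logout(cookie)            # expired: drop the tickets too
            return None
        return {"KRB5CCNAME": "FILE:" + entry[0]}

    def logout(self, cookie):
        """Forget the session and delete its tickets from disk."""
        entry = self._sessions.pop(cookie, None)
        if entry and os.path.exists(entry[0]):
            os.remove(entry[0])
```

Each session gets its own credential cache, so a backend request made with the environment from `backend_env` can only use the tickets of the user who owns that cookie.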


