Kerberos protocol transition for linux?
S2
some.r at ndom.mail.invalid
Wed Nov 19 11:45:35 EST 2008
Michael B Allen wrote:
> If you have PHP see the link in my sig about Plexcel. It certainly
> could do what you describe.
The back end services are a mix of Java, .NET, php and rails apps (on
windows and on linux servers), so the proxy should be language
independent and not require a module on the application server side.
I am not sure I understood from the pdf how Plexcel works.
All application servers can already speak SPNEGO, so that should be used
to forward the Kerbeos credentials over HTTP (I did read SPNEGO on that
page, but I am not sure how it is used).
So what we would like to do is (fixed font required):
O
\|/ +-------------+ +-------------------+
| -------> | Magic proxy | ------> | Protected Service |
/ \ HTTP +-------------+ SPNEGO +-------------------+
User ^
from the |
Internet |
v
+-----+
| KDC |
+-----+
Do you think Plexcel could be the "Magic Proxy" Box?
> PS: The '.invalid' address in your email actually stops gmail from
> sending directly to you. You might want to try a valid TLD.
That email account is not valid anyway.
More information about the Kerberos
mailing list