Kerberos/Apache receiving Active Directory user/password in plain text

LUISRAMOS LUIS.RAMOS at PFIZER.COM
Mon Nov 2 10:15:05 EST 2009




Michael Ströder wrote:
> 
> LUISRAMOS wrote:
>> We have a unix web server with Apache where we installed kerberos to
>> implement single sign on.
> 
> I guess you're using mod_auth_kerb?
> 
>> The idea with this is to have the ability of authenticating through the
>> Windows Active Directory once, not needing to log in again to the unix
>> box.  After the setup, the authentication works.  When we log in to the
>> unix server, a popup window asks for user/pwd.  After entering user/pwd
>> the credentials are authenticated against the windows active directory
>> and the access to the unix/apache box is granted.  However, what we want
>> is to avoid this login popup.  We noticed that when the popup window is
>> displayed the following message is seen in the popup:  "Warning: This
>> server is requesting that your username and password be sent in an
>> insecure manner (basic authentication without a secure connection)."
>> Looks like the internet browser is sending the credentials in plain text
>> to the unix box.
>> 
>> Does anybody have an idea on how we can configure Kerberos, or any other
>> component, to avoid this popup window?
> 
> Set "KrbMethodK5Passwd off" in httpd.conf.
> 
> See also: http://modauthkerb.sourceforge.net/configure.html
> 
> Ciao, Michael.
> 
> -- 
> Michael Ströder
> E-Mail: michael at stroeder.com
> http://www.stroeder.com
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 
============================
Michael, I changed the parameter and got this message:

Authorization Required
This server could not verify that you are authorized to access the document
requested. Either you supplied the wrong credentials (e.g., bad password),
or your browser doesn't understand how to supply the credentials required.


--------------------------------------------------------------------------------

Apache/2.0.52 (Unix) DAV/2 mod_auth_kerb/5.4 Server at prcognosweb Port 80

-- 
View this message in context: http://old.nabble.com/Kerberos-Apache-receiving-Active-Directory-user-password-in-plain-text-tp26114792p26157127.html
Sent from the Kerberos - General mailing list archive at Nabble.com.
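
An added example, not part of the original thread and not mod_auth_kerb code: a small Python check that takes the headers of one 401 exchange and reports whether Basic is offered or used over a non-TLS connection (the condition the browser warning in the thread describes) and whether the client answered the Negotiate challenge with a GSS-API token, an NTLM message, or nothing. It assumes one challenge per WWW-Authenticate value; the finding names, realm string and token bytes are constructed for illustration.

```python
import base64

def offered_schemes(www_authenticate):
    """Schemes named in a 401's WWW-Authenticate values (one challenge per value)."""
    return {v.split(None, 1)[0].lower() for v in www_authenticate if v.strip()}

def token_kind(authorization):
    """Classify the request's Authorization header value, if any."""
    if not authorization:
        return "none"
    scheme, _, blob = authorization.strip().partition(" ")
    if scheme.lower() == "basic":
        return "basic"
    if scheme.lower() != "negotiate":
        return "other"
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:            # binascii.Error is a ValueError subclass
        return "malformed"
    if raw.startswith(b"NTLMSSP\x00"):
        return "ntlm"             # NTLM message, not a Kerberos ticket
    if raw[:1] == b"\x60":
        return "gssapi"           # GSS-API initial token (SPNEGO or Kerberos)
    return "unknown"

def diagnose(url_scheme, www_authenticate, authorization=None):
    """Return findings for one 401 exchange."""
    offered, kind = offered_schemes(www_authenticate), token_kind(authorization)
    cleartext = url_scheme.lower() != "https"
    findings = []
    if "basic" in offered and cleartext:
        findings.append("basic-offered-over-cleartext")
    if kind == "basic" and cleartext:
        findings.append("password-sent-in-cleartext")
    if "negotiate" not in offered:
        findings.append("negotiate-not-offered")
    elif kind == "none":
        findings.append("client-sent-no-ticket")
    if kind == "ntlm":
        findings.append("client-fell-back-to-ntlm")
    return findings

# Constructed sample exchanges (realm name and token bytes are made up).
BEFORE = diagnose("http", ["Negotiate", 'Basic realm="Example Login"'])
AFTER = diagnose("http", ["Negotiate"])
NTLM = diagnose("http", ["Negotiate"],
                "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode())

if __name__ == "__main__":
    for name, result in (("before", BEFORE), ("after", AFTER), ("ntlm", NTLM)):
        print(name, result)
```

The header values to feed it can be copied from a browser's network inspector or from a packet capture of the failing request.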




