Kerberos/Apache receiving Active Directory user/password in plain text
Michael Ströder
michael at stroeder.com
Tue Nov 3 02:04:09 EST 2009
LUISRAMOS wrote:
>
> Michael Ströder wrote:
>> LUISRAMOS wrote:
>>> We have a unix web server with Apache where we installed Kerberos to
>>> implement single sign on.
>> I guess you're using mod_auth_kerb?
>>
>>> The idea with this is to have the ability of authenticating through the
>>> Windows Active Directory once not needing to log again in the unix box.
>>> After the setup, the authentication works. When we log in to the unix
>>> server, a popup window asks for user/pwd. After entering user/pwd the
>>> credentials are authenticated against the windows active directory and
>>> the access to the unix/apache box is granted. However, what we want is
>>> to avoid this login popup. We noticed that when the popup window is
>>> displayed the following message is seen in the popup: "Warning: This
>>> server is requesting that your username and password be sent in an
>>> insecure manner (basic authentication without a secure connection)."
>>> Looks like the internet browser is sending the credentials in plain
>>> text to the unix box.
>>>
>>> Does anybody have an idea on how we can configure Kerberos, or any other
>>> component to avoid this popup window?
>>
>> Set "KrbMethodK5Passwd off" in httpd.conf.
>>
>> See also: http://modauthkerb.sourceforge.net/configure.html
>
> Michael, I changed the parameter and got this message:
>
> Authorization Required
> This server could not verify that you are authorized to access the document
> requested. Either you supplied the wrong credentials (e.g., bad password),
> or your browser doesn't understand how to supply the credentials required.
Well, you have to set up your environment to let the browser use SPNEGO/Kerberos.
Ciao, Michael.
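
Added example, not part of the original thread: a small Python check that classifies the `WWW-Authenticate` challenges in a 401 response, showing why the password popup appears while a Basic fallback is offered and why only the 401 page appears once it is removed. The function names and sample header values are constructed for illustration, and it assumes one challenge per header value.

```python
# Added example: classify what a 401 response offers, to show why the thread's
# two symptoms occur. Assumes one challenge per WWW-Authenticate header value.

def offered_schemes(www_authenticate_values):
    """Return the lowercase auth-scheme names, in order, without duplicates."""
    schemes = []
    for value in www_authenticate_values:
        parts = value.strip().split(None, 1)
        if parts and parts[0].lower() not in schemes:
            schemes.append(parts[0].lower())
    return schemes


def assess(url_scheme, www_authenticate_values):
    """Map the URL scheme plus the offered challenges to a finding."""
    schemes = offered_schemes(www_authenticate_values)
    if "basic" in schemes:
        # A browser that cannot or will not do SPNEGO for this host falls
        # back to Basic and prompts for the password.
        if url_scheme.lower() != "https":
            return "cleartext-password-risk"
        return "password-fallback-over-tls"
    if "negotiate" in schemes:
        # No fallback: a browser not set up for SPNEGO just sees the 401 page.
        return "negotiate-only"
    return "no-kerberos-offer"


# Constructed sample challenges (not captured from the poster's server).
WITH_PASSWORD_FALLBACK = ["Negotiate", 'Basic realm="Example Login"']
NEGOTIATE_ONLY = ["Negotiate"]

if __name__ == "__main__":
    for label, scheme, headers in [
        ("KrbMethodK5Passwd on, http", "http", WITH_PASSWORD_FALLBACK),
        ("KrbMethodK5Passwd off, http", "http", NEGOTIATE_ONLY),
    ]:
        print(f"{label}: {assess(scheme, headers)}")
```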