Kerberos/Apache receiving Active Directory user/password in plain text

LUISRAMOS LUIS.RAMOS at PFIZER.COM
Thu Oct 29 11:04:13 EDT 2009


Hi all,

We have a unix web server with Apache were we installed kerberos to
implement single sign on.  The idea with this is to have the ability of
autenticating through the Windows Active Directory once not needing to log
again in the unix box.  After the setup, the autentication works.  When we
log in to the unix server, a popup window asks for user/pwd.  After entering
user/pwd the credentials are autenticated against the windows active
directory and the access to the unix/apache box is granted.  However, what
we want is to avoid this login popup.  We noticed that when the popup window
is displayed the following message is seeing in the popup:  "Warning:  This
server is requesting that your username and password be sent in an insecure
manner (basic authentication without a secure connection).  Looks like the
internet browser is sending the credentials in plain text to the unix box.  

Anybody has an idea on how we can configure Kerberos, or any other component
to avoid this popup window.

Thanks in advance
-- 
View this message in context: http://www.nabble.com/Kerberos-Apache-receiving-Active-Directory-user-password-in-plain-text-tp26114792p26114792.html
Sent from the Kerberos - General mailing list archive at Nabble.com.




More information about the Kerberos mailing list