Hi

vlad@v-lad.org vlad at v-lad.org
Wed Jan 30 12:37:51 EST 2013


Deepak,

    Actually, if your sites are for internal users only, you might as well just protect the entire site with Kerberos authentication, using Apache's mod_krb5.

    When your entire site is protected you don't need any special login code in your application. Just get the user identity from the REMOTE_USER variable.

    If you are on IIS, all you need to do is click the checkbox that says 'Enable Integrated Windows Authentication'.

    If you have a hybrid site that is accessible to both internal and external users, you have to go with Ken's suggestion.

    The good thing about having the entire site protected is that every browser request will be protected by a unique token. This way you will get extra protection against people who try to steal authentication cookies. Don't worry about the performance, Kerberos authentication is lightning fast. However, if your traffic goes outside of your corporate network you have to use encrypted channels, either through VPN or HTTPS.
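Reading the identity from REMOTE_USER, as the message above describes, shown as an added example that is not part of the original post. It assumes a Python WSGI application behind the Kerberos-protected server, a REMOTE_USER value of the form user@REALM, and a constructed realm name EXAMPLE.COM.

```python
# Added example (not from the original post): consume the identity that the
# web server's Kerberos module places in REMOTE_USER.
ALLOWED_REALM = "EXAMPLE.COM"  # assumption: constructed realm name


def principal_from_environ(environ):
    """Return (user, realm) from the server-set REMOTE_USER, or None."""
    # Only the CGI variable REMOTE_USER is set by the server's auth module.
    # Keys such as HTTP_REMOTE_USER are built from client-sent request
    # headers and must never be used as an identity.
    remote_user = environ.get("REMOTE_USER", "")
    if not remote_user or remote_user != remote_user.strip():
        return None
    # Assumption: the principal arrives as user@REALM.
    user, sep, realm = remote_user.rpartition("@")
    if not sep or not user or realm != ALLOWED_REALM:
        return None
    return user, realm


def app(environ, start_response):
    """Minimal WSGI app: no login code, the identity comes from the server."""
    ident = principal_from_environ(environ)
    if ident is None:
        # Fail closed if the server did not authenticate the request.
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"no authenticated Kerberos principal\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello %s\n" % ident[0]).encode("utf-8")]
```
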

  


