[EXTERNAL] using kerberos to authenticate for a web api
cneberg at sandia.gov
Tue Nov 5 11:00:05 EST 2013
mod_auth_kerb works, most of the updates nowadays come from Redhat and others within a specific linux distro. So you can install using your distro specific package manager. I believe redhat puts their patches in the srpms if want to compile their latest for a different platform.
>>and it would require me to have API clients deal with SPNEGO.
It validates Kerberos passwords ie, basic auth, and regular Kerberos GSSAPI, and SPNEGO GSSAPI.
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of Chris Hecker
Sent: Tuesday, November 05, 2013 1:23 AM
To: kerberos at mit.edu
Subject: [EXTERNAL] using kerberos to authenticate for a web api
I use kerberos for my authn system, including direct krb5 calls from my
game, CoSign for webpage SSO, etc. At some point, I'd like to make the
metrics from my game available in a web API, and I'd like to
authenticate these API users with the same kerberos system. What's the
best way to do this? Most APIs are authenticated with OAuth these days,
but I don't see any turnkey hookup for Kerberos and OAuth. I found this
There's mod_auth_kerb, but it hasn't been updated in a long time (maybe
it just works?), and it would require me to have API clients deal with
Any advice here?
Kerberos mailing list Kerberos at mit.edu
More information about the Kerberos