mod_auth_kerb and kerberos

Andrew Bartlett abartlet at
Thu Sep 8 04:38:19 EDT 2005

On Wed, 2005-09-07 at 18:04 -0700, Henry B. Hotz wrote:
> 5.0-rc6 works fine with Heimdal 0.6.x and MIT 1.3.x.  I published a  
> patch for Heimdal 0.7 on one of the Heimdal lists a bit ago.  I've  
> since patched it to work with MIT 1.4.x, but have further modifications  
> to make.  If you can prove you're a US citizen I can send you the mods.  
>   ;-P
> As best I understand the situation, mod_auth_kerb was the testbed for  
> open-source re-implementation of Microsoft's SPNEGO on the server side.  
>   Since then SPNEGO has been added to the gssapi implementations of both  
> Heimdal and MIT distributions, so that code can be deleted.

The other implementation of something similar is mod_ntlm_winbind, which
backs on Samba4 (or indeed a dodgy implementation in Samba3)'s
implementation of SPNEGO.

The difference with the Samba approach is that we allow SPNEGO to
negotiate NTLMSSP.  This may or may not be something you want, but it's
what we provide, for greater compatibility.

I have just put out a call for developers to port the apache 1.3 module
to 2.0, so we should have that working soon.

Andrew Bartlett

Andrew Bartlett                      
Samba Developer, SuSE Labs, Novell Inc.
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the krbdev mailing list