Re: Kerberized Apache - Kerberos

This is a discussion on Re: Kerberized Apache - Kerberos ; kerberos-bounces@mit.edu wrote on 20/02/2008 03:38:09: > > > > Hello All, > > > > I am looking for a way to enable users to get access to their space through > > the web browser. > > I would ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: Kerberized Apache

  1. Re: Kerberized Apache

    kerberos-bounces@mit.edu wrote on 20/02/2008 03:38:09:

    > >
    > > Hello All,
    > >
    > > I am looking for a way to enable users to get access to their space

    through
    > > the web browser.
    > > I would like to integrate it with our Kerberized SSO environment as

    well.
    > > I tried this module http://modauthkerb.sourceforge.net/ but I have
    > > encounter some issues:
    > >
    > > 1) I didn't succeed in configuring SSO
    > >
    > > For each access through the web browser I have been asked for

    user
    > > and password although
    > > I already had a valid ticket

    >
    > Do you mean that you have a TGT, or that you acquired the necessary HTTP
    > service ticket?


    I referred to the TGT.

    >
    > Take a look at the Apache error log; anything there from mod_auth_kerb?>


    Nothing special here.

    > > 2) The .htaccess file must be used to control access to each directory.
    > >
    > > For each space I would like to give an access I have to create
    > > an .htaccess file and
    > > add an entry in the apcahe configuration file as well
    > >
    > > Does anyone have experience with this issue ?
    > > Are there any other Kerberos modules for apache that better suits my
    > > needs ?

    >
    > --
    > Richard Silverman
    > res@qoxp.net
    >
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos



  2. Re: Kerberized Apache

    >>>>> "IL" == Ido Levy writes:

    IL> kerberos-bounces@mit.edu wrote on 20/02/2008 03:38:09:
    >> >
    >> > Hello All,
    >> >
    >> > I am looking for a way to enable users to get access to their

    >> space

    IL> through
    >> > the web browser. > I would like to integrate it with our

    >> Kerberized SSO environment as

    IL> well.
    >> > I tried this module http://modauthkerb.sourceforge.net/ but I

    >> have > encounter some issues:
    >> >
    >> > 1) I didn't succeed in configuring SSO
    >> >
    >> > For each access through the web browser I have been asked for

    IL> user
    >> > and password although > I already had a valid ticket

    >>
    >> Do you mean that you have a TGT, or that you acquired the necessary
    >> HTTP service ticket?


    IL> I referred to the TGT.

    Then you have a basic problem: the browser is not trying or succeeding in
    acquiring the service ticket. If you're using Firefox, you have to
    explicitly turn on GSSAPI authentication by setting
    network.negotiate-auth.trusted-uris. If this is turned on, trace the
    Kerberos traffic (UDP/TCP port 88) and see what's happening.

    >>
    >> Take a look at the Apache error log; anything there from
    >> mod_auth_kerb?>


    IL> Nothing special here.

    There won't be; since you have no service ticket, it can't try
    ticket-based authentication.

    >> > 2) The .htaccess file must be used to control access to each

    >> directory.
    >> >
    >> > For each space I would like to give an access I have to create >

    >> an .htaccess file and > add an entry in the apcahe configuration
    >> file as well
    >> >
    >> > Does anyone have experience with this issue ? > Are there any

    >> other Kerberos modules for apache that better suits my > needs ?
    >>
    >> -- Richard Silverman res@qoxp.net
    >>
    >> ________________________________________________ Kerberos mailing
    >> list Kerberos@mit.edu
    >> https://mailman.mit.edu/mailman/listinfo/kerberos



    --
    Richard Silverman
    res@qoxp.net


+ Reply to Thread