Sharad Desai wrote:
> Hi All,
> I was actually interested in implementing a web SSO solution for my
> environment. I have five applications -- all web applications, so a web SSO
> is needed -- and three run off of Windows, while the other two are Unix and
> Linux. Since they are web apps, it won't matter from where they are run
> from.
> I wanted to use Kerberos to authenticate the user. After research, I
> thought this would make sense. I saw some suggestions using CoSign or
> WebAuth. I can't use WebAuth because it is only for Linux, and CoSign is
> written for Apache (but there are ISAPI filters i guess for IIS) and I am
> running off of Microsoft IIS.
> Hopefully this is on the right track. I know that using Kerberos for web
> SSO is definitely quite difficult, but I would like for it to be
> implemented. If any of you have suggestions or any advice, I would
> appreciate it.

You may want to search for SPNEGO and mod_auth_kerb. Windows IE and IIS
have SPNEGO built in, and can use the Kerberos in Active Directory.
Apache can use mod_auth_kerb that supports SPNEGO. With FireFox 2 on any platform
see the about:config and the network.negotiate-auth.trusted-uris option.

> Thanks in advance.
> ________________________________________________
> Kerberos mailing list


Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444