Read and respond to this message at:
No, web browsers aren't require to be kerberized. In fact, the only client
kerberized support I have right now is untested and I have no clue if it works
or not. Basically what happens instead is, your browser makes a request to
your Apache server. The Apache server says "Hey, this is restricted, who are
you?". Your web browser then asks you for a username and password, which it
then sends over to Apache which makes a request to kerberos to see if the username
and password match. Then Apache either returns a "not allowed" response to
your browser if the username and password don't match, or if the username doesn't
have access to the page/directory/whatever, or it returns the page if everything
is fine and username has access. This is more or less straight "Basic Auth".
The other alternative requires a plugin or patch to the web browser. I don't
have any plugins for any of the current browsers (I'm aiming to create some
for version 5.00). But basically, the plugins will simply use the kerberos
tickets you already have on the machine the web browser is running on, and will,
for lack of better phrasing right now, have a "hey, can i trust you? ... ok
good here, this is the user's info" conversation. But yeah, right now this
isn't all that supported because the only 'plugins' are patches to Mosaic and
Lynx. =) And.. I'm not even sure they work anymore.
So basically, long story short, the only thing you need properly configured
to talk to Kerberos is the Apache server. mod_auth_kerb could care less how
your client machine is configured, and as long as your KDC on NT talks standard-esque
kerberos, everything should be fine. You'll need a krb5.conf on your Apache
server that tells the Apache server (and any other kerberos applications) on
the Linux server that the KDC is on the NT system and such.
Does that help?
You are receiving this email because you elected to monitor this forum.
To stop monitoring this forum, login to SourceForge and visit: