perlgssapi-users

[Perlgssapi-users] naive question related to Single-Sign-On on windows

[Karl F. <kar...@gm...>]

Hello,

I' d like to implement an intranet web app using perl and the server-side
(but no Apache server) and windows client using either firefox or IE.
I' ve read some documents about SPNEGO but I do not know where to start:

   - I am not an admin of the the windows domain, I do not even know how to
   find out which is the pdc, bcd, kdc etc...
   - the server is running on a linux computer on which I am not root
   either.
   - First question: is-ti feasible ?
   - second one: where do I start ?
   - I' ve tried something taking some code and logic from
   Apache2::AuthenNTLM with firefox but it goes into an infinite loop: the
   browser always send the same gss-data no matter what I send it back


Any help will greatly be appreciated.
Thanks

Karl

Re: [Perlgssapi-users] naive question related to Single-Sign-On on windows

[Achim G. <ac...@gr...>]

Hi Karl,

On Friday 05 August 2011, Karl Forner wrote:
> Hello,
>
> I' d like to implement an intranet web app using perl and the server-side
> (but no Apache server) and windows client using either firefox or IE.
> I' ve read some documents about SPNEGO but I do not know where to start:
>
>    - I am not an admin of the the windows domain, I do not even know how to
>    find out which is the pdc, bcd, kdc etc...

Nevertheless you need admin-access to the DC to create the required SPNs,
see <http://www.grolmsnet.de/kerbtut/>.
 
>    - the server is running on a linux computer on which I am not root
>    either.

Unless you try to bind your Service to a port < 1024 this can work.
       
>    - First question: is-ti feasible ?

I suppose so, years ago I've written a POP3 server using Perl and GSSAPI.

>    - second one: where do I start ?

1. Read <http://www.grolmsnet.de/kerbtut/>, I've tried to describe the 
concepts.

2. Read the sources of mod_auth_kerb as an example how this can be implemented
for HTTP-based communication.

Best Regards,
Achim