[Samba] automatically authenticate domain logged-on users
ina pache with AD/NTDOM?
Palle Girgensohn
girgen at pingpong.net
Fri Oct 22 20:30:20 GMT 2004
Yeah, "interoperate over either NTLM or Kerberos to provide SSO", that's
exactly what I'm talking about! Only, I want to trade IIS for apache at unix.
I can still use Explorer at windows for clients.
Very interesting, though, that Mozilla has been kerberized. I knew it would
happen, but I haven't read anything about that.
Thanks for the input,
Palle
--On fredag 22 oktober 2004 11.14 -0700 Aaron Grewell <AGrewell at uwb.edu>
wrote:
> IIS and IE can interoperate over either NTLM or Kerberos to provide SSO.
> Mozilla has an OSS implementation of this, but last I heard it only
> supported NTLM not Kerb. Moz supports Kerberos on some platforms via
> GSSAPI (http://www.mozilla.org/releases/mozilla1.7b/README.html), which
> in combination with mod_auth_kerb (http://modauthkerb.sourceforge.net/)
> is supposed to provide SSO on Unix-type platforms.
>
> On Fri, 2004-10-22 at 18:49 +0200, Palle Girgensohn wrote:
>> Hi!
>>
>> I don't use MS products at all, so I have very little knowledge with
>> them,
>
>> but I believe Microsoft has as protocol where Internet Explorer can
>> automatically authenticate against an IIS server, and given that the
> server
>> and client are on the same NT domain, and the client user is logged in
>> to that domain, the user is automatically logged in without the need to
>> give away the password one more time to the webserver.
>>
>> What is happening between the web server & the web client? Is the
>> protocol
>
>> open or reverse engineered? Can this authentication be done using apache
>> @
>
>> unix (perhaps by apache interacting with samba somehow)?
>>
>> Any ideas or links to more info about this would be much appreciated.
>> Thanks!
>>
>> /Palle
>>
More information about the samba
mailing list