Auth types for Samba4 SWAT
Andrew Bartlett
abartlet at samba.org
Sat May 28 21:27:58 GMT 2005
Tridge,
While I agree that nice HTTP forms look prettier than HTTP
authentication, particularly for the basic case, I'm concerned about
your IRC comments (hi jra ;-) that HTTP authentication doesn't matter,
because of our self-signed SSL certificate.
While I think that such support should be optional, we should allow both
NTLM and 'Negotiate' (GSS-SPNEGO) authentication for the webserver,
possibly via a different URL prefix, or other 'marker'.
These authentication types can be (when a user logs in from a member of
the domain, or has the appropriate kerberos credentials) entirely
transparent. If we allow these, there need be no extra 'authentication
step' over what Microsoft offers with their administration tools, and we
avoid a clear-text password, no matter what the channel security (or
otherwise).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050529/3000e635/attachment.bin
More information about the samba-technical
mailing list