[Samba] automatically authenticate domain logged-on users ina pache with AD/NTDOM?

Palle Girgensohn girgen at pingpong.net
Fri Oct 22 20:30:20 GMT 2004

Yeah, "interoperate over either NTLM or Kerberos to provide SSO", that's 
exactly what I'm talking about! Only, I want to trade IIS for apache at unix. 
I can still use Explorer at windows for clients.

Very interesting, though, that Mozilla has been kerberized. I knew it would 
happen, but I haven't read anything about that.

Thanks for the input,

--On fredag 22 oktober 2004 11.14 -0700 Aaron Grewell <AGrewell at uwb.edu> 

> IIS and IE can interoperate over either NTLM or Kerberos to provide SSO.
> Mozilla has an OSS implementation of this, but last I heard it only
> supported NTLM not Kerb.  Moz supports Kerberos on some platforms via
> GSSAPI (http://www.mozilla.org/releases/mozilla1.7b/README.html), which
> in combination with mod_auth_kerb (http://modauthkerb.sourceforge.net/)
> is supposed to provide SSO on Unix-type platforms.

> On Fri, 2004-10-22 at 18:49 +0200, Palle Girgensohn wrote:
>> Hi!
>> I don't use MS products at all, so I have very little knowledge with
>> them,
>> but I believe Microsoft has as protocol where Internet Explorer can
>> automatically authenticate against an IIS server, and given that the
> server
>> and client are on the same NT domain, and the client user is logged in
>> to  that domain, the user is automatically logged in without the need to
>> give  away the password one more time to the webserver.
>> What is happening between the web server & the web client? Is the
>> protocol
>> open or reverse engineered? Can this authentication be done using apache
>> @
>> unix (perhaps by apache interacting with samba somehow)?
>> Any ideas or links to more info about this would be much appreciated.
>> Thanks!
>> /Palle

More information about the samba mailing list