[Samba] apache authentication using ad kerberos
Michael Brown
sambalist at mikro-net.com
Sat Jun 4 16:46:26 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thanks Samba Team!
I was able to utilize AD kerberos authentication to apache using
mod_auth_kerb and samba. The 'net ads keytab create' enabled me to
create a machine keytab for the webserver. The 'net ads keytab add'
feature enabled me to add an 'HTTP' service principal to this keytab,
which shows up in the AD machine object's attributes. I did not have to
create a user in AD and map the attributes (as in this doc:
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp),
so for all intents and purposes this is a seamless operation.
AD single sign on using GSSAPI is working for windows firefox and
internet exploiter clients beautifully!
I will be writing up a doc on this soon (this weekend) at
oslabs.mikro-net.com.
Thanks again for the tireless efforts of the Samba Team!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCodriKgGND9z3oKwRAgQaAJ4jxYwxj1qKxjJAwZGMwKXOEAcSqgCgmcTy
e8rGiG2kV6bv1XkMzxNsV78=
=VwZI
-----END PGP SIGNATURE-----
More information about the samba
mailing list