[Samba] apache authentication using ad kerberos
Andrew Bartlett
abartlet at samba.org
Sat Jun 4 23:42:37 GMT 2005
On Sat, 2005-06-04 at 09:46 -0700, Michael Brown wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Thanks Samba Team!
> I was able to utilize AD kerberos authentication to apache using
> mod_auth_kerb and samba. The 'net ads keytab create' enabled me to
> create a machine keytab for the webserver. The 'net ads keytab add'
> feature enabled me to add an 'HTTP' service principal to this keytab,
> which shows up in the AD machine object's attributes. I did not have to
> create a user in AD and map the attributes (as in this doc:
> http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp),
> so for all intents and purposes this is a seamless operation.
> AD single sign on using GSSAPI is working for windows firefox and
> internet exploiter clients beautifully!
> I will be writing up a doc on this soon (this weekend) at
> oslabs.mikro-net.com.
Make sure to bring all documentation to the attention of jht (cc'd). It
is very good to see this working.
Should you find yourself needing the NTLM side of things, look at:
http://samba.org/ftp/unpacked/lorikeet/mod_ntlm_winbind/
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050605/29c14e52/attachment.bin
More information about the samba
mailing list