[unisog] Centralized auth for web servers

Saqib Ali docbook.xml at gmail.com
Tue Jul 25 03:28:27 GMT 2006


>    http://modauthkerb.sourceforge.net/
> The username and password is passed to the web server wich then does
> the authentication.  Definitely not a true kerberos service, but has
> been used for years to deal with browsers that do not (and still do not)
> pass kerberos tickets.

I believe mod_auth_kerb support negotiation as well. However you will
need IE 6.x+ or Mozilla + SPNEGO plugin.

I don't think you can achieve the security that you are looking for
without the use of pure ticker based architecture. You can use cookies
method (e.g. netegrity's siteminder), but then you are again
increasing complexity and points of (security) failures. Just my $.02

-- 
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------


More information about the unisog mailing list