[unisog] Centralized auth for web servers
docbook.xml at gmail.com
Tue Jul 25 03:28:27 GMT 2006
> The username and password is passed to the web server wich then does
> the authentication. Definitely not a true kerberos service, but has
> been used for years to deal with browsers that do not (and still do not)
> pass kerberos tickets.
I believe mod_auth_kerb support negotiation as well. However you will
need IE 6.x+ or Mozilla + SPNEGO plugin.
I don't think you can achieve the security that you are looking for
method (e.g. netegrity's siteminder), but then you are again
increasing complexity and points of (security) failures. Just my $.02
Saqib Ali, CISSP, ISSAP
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
More information about the unisog