Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Feb 16, 2009, at 3:13 AM, "Sorin Srbu" <sorin.srbu@xxxxxxxxxxxxx>  
wrote:

>> -----Original Message-----
>> From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On
> Behalf
>> Of Christopher Chan
>> Sent: Monday, February 16, 2009 8:53 AM
>> To: CentOS mailing list
>> Subject: Re:  Practical experience with NTLM/Windows  
>> Integrated
>> Authentication [Apache]
>>
>>
>>>> No, NTLM auth works in Firefox (at least on Firefox on Windows, I
>>>> don't think it will work in other platforms though).
>>>
>>> It doesn't. NTLM auth to eg Sharepoint sites works fine with  
>>> Firefox in
>>> Windows. Setting the same things in Firefox under linux and having  
>>> it
> login
>>> to sharepoint doesn't.
>>
>> I don't think any other OS other than Windows has NTLM bindings.
>
> Probably not, but I was thinking there may be some obscure package  
> somewhere
> on the 'net to do this.

Avoid NTLM all together and use Kerberos between apache/squid, Active  
Directory and the Windows and Linux clients.

Firefox and IE both support Kerberos authentication. I believe apache/ 
squid do too, but you need a manually create the service principal  
names in AD for those.

Use pam_krb5 on the Linux clients to get a ticket on login.

Use samba client on Linux hosts to join to domain and manage the  
Kerberos keytab file for the machine passwords.

Use winbind to get passwd/group files via nsswitch.

-Ross

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux