On Feb 16, 2009, at 3:13 AM, "Sorin Srbu" <sorin.srbu@xxxxxxxxxxxxx> wrote: >> -----Original Message----- >> From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On > Behalf >> Of Christopher Chan >> Sent: Monday, February 16, 2009 8:53 AM >> To: CentOS mailing list >> Subject: Re: Practical experience with NTLM/Windows >> Integrated >> Authentication [Apache] >> >> >>>> No, NTLM auth works in Firefox (at least on Firefox on Windows, I >>>> don't think it will work in other platforms though). >>> >>> It doesn't. NTLM auth to eg Sharepoint sites works fine with >>> Firefox in >>> Windows. Setting the same things in Firefox under linux and having >>> it > login >>> to sharepoint doesn't. >> >> I don't think any other OS other than Windows has NTLM bindings. > > Probably not, but I was thinking there may be some obscure package > somewhere > on the 'net to do this. Avoid NTLM all together and use Kerberos between apache/squid, Active Directory and the Windows and Linux clients. Firefox and IE both support Kerberos authentication. I believe apache/ squid do too, but you need a manually create the service principal names in AD for those. Use pam_krb5 on the Linux clients to get a ticket on login. Use samba client on Linux hosts to join to domain and manage the Kerberos keytab file for the machine passwords. Use winbind to get passwd/group files via nsswitch. -Ross _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]
- From: Ross Walker <rswwalker@xxxxxxxxx>
- Date: Mon, 16 Feb 2009 15:21:58 -0500
- Cc: CentOS mailing list <centos@xxxxxxxxxx>
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <006601c9900e$6cefb340$46cf19c0$@srbu@orgfarm.uu.se>
- References: <6317d8990902130311v3a130799yb700b615d7effca6@xxxxxxxxxxxxxx> <4998AD05.4090207@xxxxxxxxxxxxxxx> <e814db780902151858s39b100bx72928379a31a7d60@xxxxxxxxxxxxxx> <005001c9900a$dfa2f040$9ee8d0c0$@srbu@orgfarm.uu.se> <49991B41.6000607@xxxxxxxxxxxxxxx> <006601c9900e$6cefb340$46cf19c0$@srbu@orgfarm.uu.se>
- Follow-Ups:
- Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]
- From: Christopher Chan
- Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]
- From: Kanwar Ranbir Sandhu
- Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]
- References:
- Practical experience with NTLM/Windows Integrated Authentication [Apache]
- From: Sven
- Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]
- From: Christopher Chan
- Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]
- From: Filipe Brandenburger
- Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]
- From: Sorin Srbu
- Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]
- From: Christopher Chan
- Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]
- From: Sorin Srbu
- Practical experience with NTLM/Windows Integrated Authentication [Apache]
- Prev by Date: ipsec net-to-net problem
- Next by Date: Re: kickstart driverdisk
- Previous by thread: Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]
- Next by thread: Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]
- Index(es):
 |