Re: Practical experience with NTLM/Windows Integrated Authentication [Apache]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, Feb 16, 2009 at 6:03 PM, Kanwar Ranbir Sandhu
<m3freak@xxxxxxxxxxxxxxxxxx> wrote:
> On Mon, 2009-02-16 at 15:21 -0500, Ross Walker wrote:
>
>> Avoid NTLM all together and use Kerberos between apache/squid, Active
>> Directory and the Windows and Linux clients.
>>
>> Firefox and IE both support Kerberos authentication. I believe apache/
>> squid do too, but you need a manually create the service principal
>> names in AD for those.
>
> I was using NTLM at first, but then switched to Kerberos (on the CentOS
> server side).  The Windows users didn't see a difference.  For them, SSO
> works just as well as before, but I still get prompted to enter
> user/password when I use my Fedora 10 desktop to browse to CentOS hosted
> web sites.
>
> My Fedora desktop is joined to the domain. I can login with my AD
> user/password. I even have caching working, which lets me sign on to my
> laptop when it's not connected to the network.
>
> I suppose I've missed something, though I don't know what.

In Firefox go to your about:config page and scroll down to:

network.negotiate-auth.delegation-uris

and

network.negotiate-auth.trusted-uris

and for their string values enter your DNS domain to allow kerberos
negotiation and delegation to occur.

-Ross
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux