Mod_auth_kerb source download
Star 2. Branches Tags. Could not load branches. Could not load tags. Latest commit. Git stats 2 commits. Failed to load latest commit information. View code. The module also supports the Negotiate authentication method, which performs full Kerberos authentication based on ticket exchanges, and does not require users to insert their passwords to the browser. In order to use the Negotiate method you need a browser supporting it currently standard IE6.
The module supports both kerberos4 and kerberos5 protocols for password verification. The Negotiate mechanism can be only used with Kerberos v5. The module supports both 1. If you are using the Basic Auth mechanism, the module does not do any special encryption of any sort. The passing of the username and password is done with the same Base64 encoding that Basic Auth uses. This can easily be converted to plain text. The use of SSL encryption is also recommended if you are using the Negotiate method.
For the reasons of backwards compatibility the values KerberosV4 and KerberosV5 are also supported. Their use is not recommended though, for finer setting use following three options. KrbMethodNegotiate on off set to on by default To enable or disable the use of the Negotiate method.
In this post I am going to explain a rather unusual setup which we have implemented for a customer lately: Apache Single Sign On using Active Directory Server. This is not so unusual. For Apache on Windows there is no precompiled Kerberos module available. So we compiled it. Read on to find out how we configured the whole setup. Please leave a comment on this page and tell us what you think. If we can be of any help let us know!
When I write your. Pick a password for both users. In order to use the Negotiate method you need a browser supporting it currently standard IE6.
The module supports both kerberos4 and kerberos5 protocols for password verification. The Negotiate mechanism can be only used with Kerberos v5. The module supports both 1. If you are using the Basic Auth mechanism, the module does not do any special encryption of any sort. The passing of the username and password is done with the same Base64 encoding that Basic Auth uses. This can easily be converted to plain text. The use of SSL encryption is also recommended if you are using the Negotiate method.
For the reasons of backwards compatibility the values KerberosV4 and KerberosV5 are also supported. Their use is not recommended though, for finer setting use following three options.
KrbMethodNegotiate on off set to on by default To enable or disable the use of the Negotiate method. You need a special support on the browser side to support this mechanism. KrbMethodK5Passwd on off set to on by default To enable or disable the use of password based authentication for Kerberos v5. KrbMethodK4Passwd on off set to on by default To enable or disable the use of password based authentication for Kerberos v4.
KrbAuthoritative on off set to on by default If set to off this directive allow authentication controls to be pass on to another modules. Use only if you really know what you are doing.
KrbAuthRealms realm1 [realm This defaults to the default realm taken from the local Kerberos configuration. KrbVerifyKDC on off set to on by default This option can be used to disable the verification tickets against local keytab to prevent KDC spoofing atacks. It should be used only for testing purposes.
0コメント