[31638] in Kerberos
Re: Kerberos/Apache receiving Active Directory user/password in plain
daemon@ATHENA.MIT.EDU (Michael Ströder)
Fri Oct 30 17:15:45 2009
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 30 Oct 2009 21:41:21 +0100
Message-ID: <ikvrr6-oa5.ln1@nb2.stroeder.com>
In-Reply-To: <mailman.4.1256828665.4938.kerberos@mit.edu>
To: kerberos@mit.edu
LUISRAMOS wrote:
> We have a unix web server with Apache where we installed Kerberos to
> implement single sign on.
I guess you're using mod_auth_kerb?
> The idea with this is to have the ability of
> authenticating through the Windows Active Directory once, not needing to log
> in again on the unix box. After the setup, the authentication works. When we
> log in to the unix server, a popup window asks for user/pwd. After entering
> user/pwd the credentials are authenticated against the windows active
> directory and the access to the unix/apache box is granted. However, what
> we want is to avoid this login popup. We noticed that when the popup window
> is displayed the following message is seen in the popup: "Warning: This
> server is requesting that your username and password be sent in an insecure
> manner (basic authentication without a secure connection)". Looks like the
> internet browser is sending the credentials in plain text to the unix box.
>
> Does anybody have an idea on how we can configure Kerberos, or any other component,
> to avoid this popup window?
Set "KrbMethodK5Passwd off" in httpd.conf.
See also: http://modauthkerb.sourceforge.net/configure.html
Ciao, Michael.
--
Michael Ströder
E-Mail: michael@stroeder.com
http://www.stroeder.com
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
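
The setting suggested in the reply above, shown in context as an added example (not part of the original message). The realm `EXAMPLE.COM`, the keytab path and the `/protected` locations are placeholders, not values from the thread.

```apache
# Added example; realm, keytab path and locations are placeholders.

# Before: KrbMethodK5Passwd is "on" by default in mod_auth_kerb, so the
# server offers Basic authentication alongside Negotiate. A browser that
# does not answer with a Kerberos ticket falls back to the password popup,
# and without TLS the AD user name and password cross the network in
# clear text (the browser warning quoted in the question).
<Location /protected-before>
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbAuthRealms EXAMPLE.COM
    Krb5KeyTab /etc/httpd/conf/http.keytab
    Require valid-user
</Location>

# After: only SPNEGO/Negotiate is offered. The browser sends a service
# ticket obtained from Active Directory; the password never reaches Apache.
<Location /protected>
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbMethodNegotiate on
    KrbMethodK5Passwd off
    KrbAuthRealms EXAMPLE.COM
    Krb5KeyTab /etc/httpd/conf/http.keytab
    Require valid-user
</Location>
```

With the password method off there is no fallback: a browser that is not set to allow Negotiate authentication for this host gets a 401 instead of a prompt. If the password fallback has to stay enabled, serve the location over TLS only.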