[31642] in Kerberos
Re: Kerberos/Apache receiving Active Directory user/password in
daemon@ATHENA.MIT.EDU (LUISRAMOS)
Mon Nov 2 14:37:25 2009
Message-ID: <26157127.post@talk.nabble.com>
Date: Mon, 2 Nov 2009 07:15:05 -0800 (PST)
From: LUISRAMOS <LUIS.RAMOS@PFIZER.COM>
To: kerberos@mit.edu
In-Reply-To: <ikvrr6-oa5.ln1@nb2.stroeder.com>
MIME-Version: 1.0
X-Nabble-From: LUIS.RAMOS@PFIZER.COM
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Michael Ströder wrote:> > LUISRAMOS wrote:>> We have a unix web server with Apache were we installed kerberos to>> implement single sign on.> > I guess you're using mod_auth_kerb?> >> The idea with this is to have the ability of>> autenticating through the Windows Active Directory once not needing to>> log>> again in the unix box. After the setup, the autentication works. When>> we>> log in to the unix server, a popup window asks for user/pwd. After>> entering>> user/pwd the credentials are autenticated against the windows active>> directory and the access to the unix/apache box is granted. However,>> what>> we want is to avoid this login popup. We noticed that when the popup>> window>> is displayed the following message is seeing in the popup: "Warning: >> This>> server is requesting that your username and password be sent in an>> insecure>> manner (basic authentication without a secure connection). Looks like>> the>> internet browser is sending the credentials in plain text to the unix>> box. >> >> Anybody has an idea on how we can configure Kerberos, or any other>> component>> to avoid this popup window.> > Set "KrbMethodK5Passwd off" in httpd.conf.> > See also: http://modauthkerb.sourceforge.net/configure.html> > Ciao, Michael.> > -- > Michael Ströder> E-Mail: michael@stroeder.com> http://www.stroeder.com> ________________________________________________> Kerberos mailing list Kerberos@mit.edu> https://mailman.mit.edu/mailman/listinfo/kerberos> > ============================Michael, I changed the parameter and got this message:
Authorization RequiredThis server could not verify that you are authorized to access the documentrequested. Either you supplied the wrong credentials (e.g., bad password),or your browser doesn't understand how to supply the credentials required.
--------------------------------------------------------------------------------
Apache/2.0.52 (Unix) DAV/2 mod_auth_kerb/5.4 Server at prcognosweb Port 80
-- View this message in context: http://old.nabble.com/Kerberos-Apache-receiving-Active-Directory-user-password-in-plain-text-tp26114792p26157127.htmlSent from the Kerberos - General mailing list archive at Nabble.com.
________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos
