[31654] in Kerberos
Re: Kerberos/Apache receiving Active Directory user/password in plain
daemon@ATHENA.MIT.EDU (Michael Ströder)
Thu Nov 5 16:53:04 2009
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 03 Nov 2009 08:04:09 +0100
Message-ID: <vte5s6-fr5.ln1@nb2.stroeder.com>
Mime-Version: 1.0
X-Complaints-To: usenet-abuse@t-online.de
In-Reply-To: <mailman.0.1257190560.13686.kerberos@mit.edu>
To: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

LUISRAMOS wrote:
>
> Michael Ströder wrote:
>> LUISRAMOS wrote:
>>> We have a unix web server with Apache where we installed kerberos to
>>> implement single sign on.
>> I guess you're using mod_auth_kerb?
>>
>>> The idea with this is to have the ability of authenticating through the
>>> Windows Active Directory once not needing to log again in the unix box.
>>> After the setup, the authentication works. When we log in to the unix
>>> server, a popup window asks for user/pwd. After entering user/pwd the
>>> credentials are authenticated against the windows active directory and
>>> the access to the unix/apache box is granted. However, what we want is
>>> to avoid this login popup. We noticed that when the popup window is
>>> displayed the following message is seen in the popup: "Warning: This
>>> server is requesting that your username and password be sent in an
>>> insecure manner (basic authentication without a secure connection)."
>>> Looks like the internet browser is sending the credentials in plain
>>> text to the unix box.
>>>
>>> Anybody has an idea on how we can configure Kerberos, or any other
>>> component to avoid this popup window.
>>
>> Set "KrbMethodK5Passwd off" in httpd.conf.
>>
>> See also: http://modauthkerb.sourceforge.net/configure.html
>
> Michael, I changed the parameter and got this message:
>
> Authorization Required
> This server could not verify that you are authorized to access the document
> requested. Either you supplied the wrong credentials (e.g., bad password),
> or your browser doesn't understand how to supply the credentials required.

Well, you have to set up your environment to let the browser use SPNEGO/Kerberos.

Ciao, Michael.
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
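
The two states discussed in this thread, seen as the 401 challenge the server sends, in an added example that is not part of the original messages and is not mod_auth_kerb code. The responses are constructed, the realm string is a placeholder, and the function names and labels are hypothetical. It assumes KrbMethodNegotiate is left on and that each WWW-Authenticate header line carries one challenge.

```python
# Constructed 401 responses; the realm string is a placeholder.
K5PASSWD_ON = (
    "HTTP/1.1 401 Authorization Required\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    'WWW-Authenticate: Basic realm="EXAMPLE.COM"\r\n'
    "\r\n"
)
K5PASSWD_OFF = (
    "HTTP/1.1 401 Authorization Required\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "\r\n"
)


def offered_schemes(raw_response):
    """Return the lower-cased auth schemes offered by a 401 response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    if status_line.split()[1:2] != ["401"]:
        return []
    schemes = []
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return schemes


def assess(raw_response, tls):
    """Classify what a browser can do with the challenge (hypothetical labels)."""
    schemes = offered_schemes(raw_response)
    findings = []
    if "basic" in schemes:
        # Basic sends base64(user:password) with every request.
        findings.append("password-sent-to-server" if tls
                        else "password-sent-in-cleartext")
    if "negotiate" in schemes:
        # Without Basic as a fallback, a browser that is not set up for
        # SPNEGO has nothing to answer with and shows the 401 page.
        findings.append("spnego-with-basic-fallback" if "basic" in schemes
                        else "spnego-required")
    return findings


if __name__ == "__main__":
    print(assess(K5PASSWD_ON, tls=False))
    print(assess(K5PASSWD_OFF, tls=False))
```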