[pubcookie-users] migrating to pubcookie from mod_ntlm
schwoerb at doit.wisc.edu
Fri Jun 8 12:21:27 PDT 2007
We are toying with the idea of doing this. There is one main question that
this touches on for us though. The portal requests re-authentication; how
do we handle this, e.g., do we force reverting to ldap authentication?
Something I found encouraging was that safari, and firefox work on the Mac,
and ie and firefox work on Win XP.
I compiled mod_auth_kerb-5.3 with the following config statement
"./configure --with-apache=/usr/local/webiso/apache --with-krb4=no
The actual module I configured like this in apache:
ErrorDocument 401 /login
/login is another URI we have mapped to the index.cgi. I found in the
limited testing I did that if a user had a token they would authN to the
apache location. If not, the " ErrorDocument 401 /login" would redirect
them to the traditional login form.
The part I do not have hooked up yet is the actual module authentication in
front of pubcookie. This should be easy though, since I had a similar setup
for certs as the authentication in front of pubcookie using the flavor_trust
that I had posted a while ago.
On 6/7/07 5:32 PM, "Nathan Dors" <dors at cac.washington.edu> wrote:
> This isn't supported in the current software, but the concept has
> come up and it should be possible by adding SPNEGO support to the
> login cgi. No one AFAIK has done that yet.
> On Wed, 6 Jun 2007, Kevin Karwaski wrote:
>> I am trying to transition my company to a secure SSO system. We are
>> currently using mod_ntlm to pass workstation credentials to active
>> directory. This is not an ideal approach.
>> Is it possible to pass windows workstation logon credentials to a
>> pubcookie logon server? Is there a way to tell pubcookie that a valid,
>> existing authenticated session (my workstation logon) exists? This would
>> make for a seamless transition to pubcookie. Perhaps I'm unclear on
>> pubcookie's abilities but I have not been able to verify weather or not
>> this is possible.
>> Any info would be greatly appreciated!
>> pubcookie-users mailing list
>> pubcookie-users at u.washington.edu
> pubcookie-users mailing list
> pubcookie-users at u.washington.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2053 bytes
Desc: not available
Url : http://mailman1.u.washington.edu/pipermail/pubcookie-users/attachments/20070608/560b720c/smime.bin
More information about the pubcookie-users