[CentOS] Practical experience with NTLM/Windows Integrated Authentication [Apache]

Ross Walker rswwalker at gmail.com
Mon Feb 16 20:21:58 UTC 2009


On Feb 16, 2009, at 3:13 AM, "Sorin Srbu" <sorin.srbu at orgfarm.uu.se>  
wrote:

>> -----Original Message-----
>> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Christopher Chan
>> Sent: Monday, February 16, 2009 8:53 AM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] Practical experience with NTLM/Windows Integrated Authentication [Apache]
>>
>>
>>>> No, NTLM auth works in Firefox (at least on Firefox on Windows, I
>>>> don't think it will work in other platforms though).
>>>
>>> It doesn't. NTLM auth to eg Sharepoint sites works fine with Firefox in
>>> Windows. Setting the same things in Firefox under linux and having it
>>> login to sharepoint doesn't.
>>
>> I don't think any other OS other than Windows has NTLM bindings.
>
> Probably not, but I was thinking there may be some obscure package  
> somewhere
> on the 'net to do this.

Avoid NTLM altogether and use Kerberos between apache/squid, Active
Directory and the Windows and Linux clients.

Firefox and IE both support Kerberos authentication. I believe
apache/squid do too, but you need to manually create the service
principal names in AD for those.

Use pam_krb5 on the Linux clients to get a ticket on login.

Use samba client on Linux hosts to join the domain and manage the
Kerberos keytab file for the machine passwords.

Use winbind to get passwd/group files via nsswitch.

-Ross
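
Added example, not part of the original post: once Kerberos is set up as described above, a quick way to confirm that browsers really send Kerberos tickets rather than falling back to NTLM is to classify the token in each captured `Authorization` header. It assumes the browsers use the HTTP `Negotiate` scheme (SPNEGO), which the post does not name; the client names and truncated tokens are constructed for illustration.

```python
import base64

# DER-encoded mechanism OIDs (tag 0x06, length, value)
OID_SPNEGO = bytes.fromhex("06062b0601050502")         # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")     # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")  # 1.2.840.48018.1.2.2 (legacy Microsoft)
NTLMSSP = b"NTLMSSP\x00"                               # signature that opens every NTLM message


def classify_authorization(value):
    """Return 'kerberos', 'ntlm', 'ntlm-in-spnego', 'other' or 'unknown'."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "other"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return "unknown"
    if token.startswith(NTLMSSP):
        return "ntlm"  # raw NTLM, also sent under "Negotiate" on fallback
    if token[:1] == b"\x60":  # GSS-API initial context token
        # Heuristic byte search, not a full ASN.1 parse.
        if NTLMSSP in token:
            return "ntlm-in-spnego"
        if OID_KRB5 in token or OID_MS_KRB5 in token:
            return "kerberos"
    return "unknown"


def b64(raw):
    return base64.b64encode(raw).decode()


# Constructed sample headers: token prefixes only, not complete valid tokens.
SAMPLE_REQUESTS = [
    ("linux-firefox", "Negotiate " + b64(b"\x60\x20" + OID_SPNEGO + OID_KRB5 + bytes(8))),
    ("win-ie", "Negotiate " + b64(NTLMSSP + b"\x01\x00\x00\x00" + bytes(4))),
    ("win-firefox", "Negotiate " + b64(b"\x60\x20" + OID_SPNEGO + NTLMSSP + b"\x01\x00\x00\x00")),
]


def ntlm_clients(requests):
    """Clients whose token is NTLM in any form, i.e. not using Kerberos."""
    return [c for c, h in requests if classify_authorization(h).startswith("ntlm")]


if __name__ == "__main__":
    for client, header in SAMPLE_REQUESTS:
        print(client, classify_authorization(header))
```
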



