On Feb 16, 2009, at 3:13 AM, "Sorin Srbu" sorin.srbu@orgfarm.uu.se wrote:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On
Behalf
Of Christopher Chan Sent: Monday, February 16, 2009 8:53 AM To: CentOS mailing list Subject: Re: [CentOS] Practical experience with NTLM/Windows Integrated Authentication [Apache]
No, NTLM auth works in Firefox (at least on Firefox on Windows, I don't think it will work in other platforms though).
It doesn't. NTLM auth to eg Sharepoint sites works fine with Firefox in Windows. Setting the same things in Firefox under linux and having it
login
to sharepoint doesn't.
I don't think any other OS other than Windows has NTLM bindings.
Probably not, but I was thinking there may be some obscure package somewhere on the 'net to do this.
Avoid NTLM all together and use Kerberos between apache/squid, Active Directory and the Windows and Linux clients.
Firefox and IE both support Kerberos authentication. I believe apache/ squid do too, but you need a manually create the service principal names in AD for those.
Use pam_krb5 on the Linux clients to get a ticket on login.
Use samba client on Linux hosts to join to domain and manage the Kerberos keytab file for the machine passwords.
Use winbind to get passwd/group files via nsswitch.
-Ross