Kanwar Ranbir Sandhu wrote:
On Mon, 2009-02-16 at 15:21 -0500, Ross Walker wrote:
Avoid NTLM altogether and use Kerberos between apache/squid, Active Directory and the Windows and Linux clients.
Firefox and IE both support Kerberos authentication. I believe apache/squid do too, but you need to manually create the service principal names in AD for those.
I was using NTLM at first, but then switched to Kerberos (on the CentOS server side). The Windows users didn't see a difference. For them, SSO works just as well as before, but I still get prompted to enter user/password when I use my Fedora 10 desktop to browse to CentOS hosted web sites.
My Fedora desktop is joined to the domain. I can log in with my AD user/password. I even have caching working, which lets me sign on to my laptop when it's not connected to the network.
I suppose I've missed something, though I don't know what.
Maybe Kerberos authentication?
I have winbind authentication working here but I have yet to get Kerberos working to get SSO on Linux desktops.