[CentOS] Practical experience with NTLM/Windows Integrated Authentication [Apache]
Kanwar Ranbir Sandhu
m3freak at thesandhufamily.ca
Mon Feb 16 23:03:58 UTC 2009
On Mon, 2009-02-16 at 15:21 -0500, Ross Walker wrote:
> Avoid NTLM all together and use Kerberos between apache/squid, Active
> Directory and the Windows and Linux clients.
>
> Firefox and IE both support Kerberos authentication. I believe apache/
> squid do too, but you need a manually create the service principal
> names in AD for those.
I was using NTLM at first, but then switched to Kerberos (on the CentOS
server side). The Windows users didn't see a difference. For them, SSO
works just as well as before, but I still get prompted to enter
user/password when I use my Fedora 10 desktop to browse to CentOS hosted
web sites.
My Fedora desktop is joined to the domain. I can login with my AD
user/password. I even have caching working, which lets me sign on to my
laptop when it's not connected to the network.
I suppose I've missed something, though I don't know what.
Regards,
Ranbir
--
Kanwar Ranbir Sandhu
Linux 2.6.27.12-170.2.5.fc10.x86_64 x86_64 GNU/Linux
17:57:09 up 5 days, 19:44, 3 users, load average: 0.21, 1.13, 1.00
More information about the CentOS
mailing list