[CentOS] Practical experience with NTLM/Windows Integrated Authentication [Apache]

Tue Feb 17 00:07:27 UTC 2009
Christopher Chan <christopher.chan at bradbury.edu.hk>

Ross Walker wrote:
> On Feb 16, 2009, at 3:13 AM, "Sorin Srbu" <sorin.srbu at orgfarm.uu.se> wrote:
>
>>> -----Original Message-----
>>> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Christopher Chan
>>> Sent: Monday, February 16, 2009 8:53 AM
>>> To: CentOS mailing list
>>> Subject: Re: [CentOS] Practical experience with NTLM/Windows Integrated Authentication [Apache]
>>>
>>>>> No, NTLM auth works in Firefox (at least on Firefox on Windows, I
>>>>> don't think it will work in other platforms though).
>>>>
>>>> It doesn't. NTLM auth to e.g. Sharepoint sites works fine with Firefox in
>>>> Windows. Setting the same things in Firefox under Linux and having it log in
>>>> to Sharepoint doesn't.
>>>
>>> I don't think any other OS other than Windows has NTLM bindings.
>>
>> Probably not, but I was thinking there may be some obscure package somewhere
>> on the 'net to do this.
>
> Avoid NTLM altogether and use Kerberos between apache/squid, Active
> Directory and the Windows and Linux clients.
>
> Firefox and IE both support Kerberos authentication. I believe apache/squid
> do too, but you need to manually create the service principal
> names in AD for those.
>
> Use pam_krb5 on the Linux clients to get a ticket on login.
>
Mind sharing the pam config for that? I have something set up but things
don't seem to work.

> Use samba client on Linux hosts to join to domain and manage the
> Kerberos keytab file for the machine passwords.
>
Hmm...maybe I should not have manually created the credentials.
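
Added example, not part of the original thread: when moving a web server from NTLM to Kerberos as suggested above, a client can still send an NTLM token under the `Negotiate` scheme, so it helps to check what the browser actually sent. This Python sketch classifies an `Authorization` header value by mechanism; the function name and the sample tokens are constructed for illustration, and the OID scan is a heuristic rather than a full DER parser.

```python
import base64
import binascii

NTLMSSP_SIG = b"NTLMSSP\x00"
SPNEGO_OID = bytes.fromhex("06062b0601050502")            # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")        # 1.2.840.113554.1.2.2
MS_KRB5_OID = bytes.fromhex("06092a864882f712010202")     # 1.2.840.48018.1.2.2
NTLM_OID = bytes.fromhex("060a2b06010401823702020a")      # 1.3.6.1.4.1.311.2.2.10
MECH_OIDS = {KRB5_OID: "kerberos", MS_KRB5_OID: "kerberos", NTLM_OID: "ntlm"}

def classify_authorization(value):
    """Return 'kerberos', 'ntlm', 'malformed', 'unknown' or 'other'."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "other"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except (binascii.Error, ValueError):
        return "malformed"
    if not token:
        return "malformed"
    if token.startswith(NTLMSSP_SIG):
        return "ntlm"        # raw NTLM message, even under "Negotiate"
    if token[0] != 0x60:
        return "unknown"     # e.g. a later SPNEGO response token
    head = token[:96]
    if SPNEGO_OID in head[:16]:
        head = head[head.index(SPNEGO_OID) + len(SPNEGO_OID):]
    # Heuristic: the mechanism OID that appears first is the preferred one.
    hits = [(head.find(oid), name) for oid, name in MECH_OIDS.items() if oid in head]
    return min(hits)[1] if hits else "unknown"

def _header(scheme, raw):
    return scheme + " " + base64.b64encode(raw).decode()

# Constructed sample tokens (truncated prefixes; lengths are not valid DER).
KRB_SAMPLE = _header("Negotiate", b"\x60\x82\x05\x00" + SPNEGO_OID
                     + bytes.fromhex("a08204f0308204eca0183016")
                     + MS_KRB5_OID + KRB5_OID + NTLM_OID)
NTLM_RAW_SAMPLE = _header("Negotiate", NTLMSSP_SIG + b"\x01\x00\x00\x00")
NTLM_SPNEGO_SAMPLE = _header("Negotiate", b"\x60\x40" + SPNEGO_OID
                             + bytes.fromhex("a0363034a00c300a") + NTLM_OID
                             + b"\xa2\x24\x04\x22" + NTLMSSP_SIG + b"\x01\x00\x00\x00")

if __name__ == "__main__":
    for sample in (KRB_SAMPLE, NTLM_RAW_SAMPLE, NTLM_SPNEGO_SAMPLE):
        print(classify_authorization(sample), sample[:32])
```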