Ross Walker wrote: > On Feb 16, 2009, at 3:13 AM, "Sorin Srbu" <sorin.srbu at orgfarm.uu.se> > wrote: > > >>> -----Original Message----- >>> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On >>> >> Behalf >> >>> Of Christopher Chan >>> Sent: Monday, February 16, 2009 8:53 AM >>> To: CentOS mailing list >>> Subject: Re: [CentOS] Practical experience with NTLM/Windows >>> Integrated >>> Authentication [Apache] >>> >>> >>> >>>>> No, NTLM auth works in Firefox (at least on Firefox on Windows, I >>>>> don't think it will work in other platforms though). >>>>> >>>> It doesn't. NTLM auth to eg Sharepoint sites works fine with >>>> Firefox in >>>> Windows. Setting the same things in Firefox under linux and having >>>> it >>>> >> login >> >>>> to sharepoint doesn't. >>>> >>> I don't think any other OS other than Windows has NTLM bindings. >>> >> Probably not, but I was thinking there may be some obscure package >> somewhere >> on the 'net to do this. >> > > Avoid NTLM all together and use Kerberos between apache/squid, Active > Directory and the Windows and Linux clients. > > Firefox and IE both support Kerberos authentication. I believe apache/ > squid do too, but you need a manually create the service principal > names in AD for those. > > Use pam_krb5 on the Linux clients to get a ticket on login. > Mind sharing the pam config for that? I have something setup but things don't seem to work. > Use samba client on Linux hosts to join to domain and manage the > Kerberos keytab file for the machine passwords. > Hmm...maybe I should not have manually created the credentials.