[CentOS] Practical experience with NTLM/Windows Integrated Authentication [Apache]

Tue Feb 17 01:39:34 UTC 2009
Ross Walker <rswwalker at gmail.com>

On Mon, Feb 16, 2009 at 7:33 PM, Kanwar Ranbir Sandhu
<m3freak at thesandhufamily.ca> wrote:
> On Tue, 2009-02-17 at 08:05 +0800, Christopher Chan wrote:
>> Maybe kerberos authentication?
>>
>> I have winbind authentication working here but I have yet to get
>> kerberos working to get SSO on Linux desktops.
>
> Isn't winbind enough?  Afterall, winbind gets the kerberos ticket when
> the user logs in.
>
> What's the difference between kerberos auth and winbind auth?

The difference is that winbind authentication is NTLM and it's good
for that endpoint only, but it can't be forwarded on to other services
for a SSO experience (unless there is an NTLM session cache and the
applications are written to use it ala Windows, but it is insecure).

-Ross