[Freeipa-devel] Freeipa and Kerberos
Simo Sorce
ssorce at redhat.com
Mon Dec 1 00:37:14 UTC 2008
On Sun, 2008-11-30 at 12:48 -0700, Jason Gerard DeRose wrote:
> One other thing: because our production version always runs behind
> Apache, we send the Kerberos ticket in the HTTP headers (which is what
> mod_auth_kerb expects). But if you aren't planning to run behind
> Apache,
> it will probably be more convenient for you (and for the consumers of
> your XML-RPC API) to send the Kerberos ticket as an XML-RPC argument
> (say the first argument).
We perform kerberos authentication in apache useing RFC 4559 (IIRC).
Any implementation that want's to easily interoperate should do the
same. Besides letting others do all the challenge response stuff fro you
is much easier.
That said PyKerberos (found as python-kerberos) in Fedora, should be
easy enough to use to implement RFC 4559 style implementation as that's
what Apple built this module for afaik.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list