Contributed by jose on from the authentication dept.
This looks pretty neat and useful, and probably easier on users than the SSH-based authpf we normally talk about.
(Comments are closed)
OpenBSD Journal
By inet65535 () tech@probsd.com on mailto:tech@probsd.com
By Mike () on
By Anonymous Coward () on
By Ben () on
By Alexandre Belloni () on http://www.piout.net
I'm sorry my apache doesn't listen to ipv6 yet.
By Alexandre Belloni () on http://www.piout.net
so you won't be bothered by the ipv6 dns reply :)
By Mike () on
By Anonymous Coward () on
By Anonymous Coward () on
By Alexandre Belloni () on
By Anonymous Coward () on
By Anon Y Mouse () on
LOL, I'm not sure why you would use kerberos
when LDAP has an SSL standard?
Gen up two openssl certs and go to town.
By Anonymous Coward () on
By Anonymous Coward () on
By Alexandre Belloni () on
By Anon Y Mouse () on
I don't think you understand me --
Microsoft's Active Directory HAS LDAP already implemented, including SSL encrypted LDAP.
Thus, the need for Kerberos is obviated.
http://www.wedgetail.com/jcsi/sso/doc/guide/ssl-setup.html
The PHP script should instead try to authenticate
to the AD via an SSL encrypted LDAP call.
No Kerberos required. Capiche?
By Anonymous Coward () on
Thank you code writer dude for writing the totally kewl program
By Alexandre Belloni () on
By Anonymous Coward () on
By philipp () on
having dedicated, physical subnets (like
crossover cable between firewall and auth-server)
- sniff that, kid!
(if one can physically reach that cable, you
already have different issues :) )
//pb
By Anonymous Coward () on
By Anonymous Coward () on
By Raymond () raymond@openminds.nl on www.openminds.nl
I agree that digest and HTTPS are better solutions. I've rewritten authpf into nph-authpf.cgi so it can also be used with digest.
Some other features:
- Will run chrooted
- Will check if the starter is the web user.
Even now, I'm not 100% convinced this is the way to go, although it's a lot better than the solutions provided by Nokia or Cisco.
Raymond.
By Anonymous Coward () on
Thanks
By Raymond () raymond@openminds.nl on www.openminds.nl
By earx () on
http://airsnarf.shmoo.com/
By Anonymous Coward () on