[rt-users] Comprehension Question about LDAP and SSO

john s. fireskyer at gmx.de
Fri Feb 25 08:50:17 EST 2011


john s. wrote:
Hm... sounds good and important


But what I just don't see:

What is the relationship between LDAP and Kerberos or NTLM?

In the wiki directory there is a how-to which describes the
implementation of LDAP in RT:

http://requesttracker.wikia.com/wiki/LdapSiteConfigSettingsForActiveDirectory


So if I do this below...

should I need Kerberos or NTLM configs anymore?


From my point of view, if I use LDAP to authenticate via SSL, it should be
sufficient to get a proper authentication with RT, or not? Are these
options able to provide negotiation authentication at all?

Sorry, I don't get it.





mcb30 wrote:
> 
> On Thursday 24 Feb 2011 07:56:13 john s. wrote:
>> So, to recap again:
>> 
>> - Apache server with a Kerberos module (which?)
> 
> mod_auth_kerb
> 
>> - configure RT for the Kerberos module for Apache
>> - and an entry in htaccess for authentication with the AD
>> - a browser entry to get access to the rt-server (do IP addresses
>> also work?)
> 
> Kerberos will attempt a reverse DNS lookup on the IP address to determine
> which principal name it should use for authenticating the server.
> (Kerberos provides mutual authentication; it insists on verifying that
> the server is the correct server as well as providing the user's own
> credentials.)  In practice, you either need fully working forward and
> reverse DNS, or you need a fairly deep understanding of how Kerberos
> works so you can figure out which bits of DNS you could safely omit.
> 
>> What is this procedure called?... If I search the net I only find
>> methods to authenticate via Kerberos without the Windows logon.
>> *confusing
> 
> A Windows Active Directory logon *is* a Kerberos logon, since AD uses
> Kerberos.  By logging on to an Active Directory domain, you already have
> Kerberos credentials.
> 
> By configuring your web server and browser as I outlined previously, you
> can instruct Windows to pass on these credentials to the web server
> transparently.  Everything will (eventually) appear to work magically.  :)
> 
> Michael
> 
> 


-----
best regards john 
-- 
View this message in context: http://old.nabble.com/Comprehension-Question-about-LDAP-and-SSO-tp30995959p31013192.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
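
The forward and reverse DNS requirement described in the quoted reply can be checked before mod_auth_kerb is configured. The following is an added example and not part of the original thread: the host names, addresses and realm are constructed, `check_kerberos_dns` and the sample resolvers are hypothetical helpers, and it assumes the client canonicalises the server name through reverse DNS as the reply describes and that the web service principal has the usual `HTTP/<fqdn>@<REALM>` form.

```python
import socket

def system_forward(name):
    """Addresses for a name, from the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def system_reverse(addr):
    """PTR name for an address, or None when there is no record."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_kerberos_dns(name, realm, forward=system_forward, reverse=system_reverse):
    """Return (principal, problems); principal is None unless DNS is consistent."""
    problems, canonical = [], set()
    addrs = forward(name)
    if not addrs:
        problems.append(f"{name}: no forward record")
    for addr in addrs:
        ptr = reverse(addr)
        if ptr is None:
            problems.append(f"{addr}: no PTR record")
            continue
        ptr = ptr.rstrip(".").lower()
        canonical.add(ptr)
        # The PTR name must itself resolve back to the same address.
        if addr not in forward(ptr):
            problems.append(f"{addr}: PTR {ptr} does not resolve back to it")
    if len(canonical) > 1:
        problems.append(f"{name}: PTR records disagree: {sorted(canonical)}")
    if problems or not canonical:
        return None, problems
    # Assumption: web service principals use the HTTP/<fqdn>@<REALM> form.
    return f"HTTP/{canonical.pop()}@{realm}", problems

# Constructed sample zone data (not from the thread).
FWD = {"rt.example.com": ["192.0.2.10"], "helpdesk.example.com": ["192.0.2.10"],
       "old-rt.example.com": ["192.0.2.20"]}
REV = {"192.0.2.10": "rt.example.com."}

def sample_forward(name):
    return FWD.get(name.lower(), [])

def sample_reverse(addr):
    return REV.get(addr)
```

Calling `check_kerberos_dns(name, realm)` without the last two arguments queries the system resolver instead of the sample tables. In the sample data the alias `helpdesk.example.com` yields the principal for `rt.example.com`, which is the name the server's keytab would need to hold.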