Yaws mailing list ~ [patch] Support for SPNEGO and GSSAPI negotiation

Guest
Posted: Wed Sep 19, 2007 9:02 pm

Hi,

this patch adds support for SPNEGO and GSSAPI negotiation to yaws. It's
compatible with both Linux/Unix and Windows, supporting both Kerberos
for Windows (kfw) and SSPI on Windows.

It's implemented as an authmod called authmod_gssapi. Adding it to
start_mod in <server> and authmod in an <auth> tag activates the module.
It expects a Kerberos keytab in <opaque>. The keytab should contain
key(s) for "HTTP/<fqdn>@<REALM>", where <fqdn> is the fully qualified
domain name of the host and <REALM> the Kerberos realm.

For example:

<server fqdn>
    port = 80
    listen = 0.0.0.0
    docroot = /usr/share/yaws
    start_mod = authmod_gssapi
    <auth>
        authmod = authmod_gssapi
        dir = /
    </auth>
    <opaque>
        keytab = /etc/yaws/http.keytab
    </opaque>
</server>

The authmod_gssapi module depends on egssapi from:
http://www.hem.za.org/egssapi/

Regards,
Mikael

Post received from mailing list
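
A pre-deployment check for the configuration described in the post above, added here as an example and not part of the posted patch or of yaws. It confirms that every server using authmod_gssapi also lists it in start_mod and names a keytab in <opaque>, flags a keytab file that group or other can read (it holds the service's long-term keys), and returns the HTTP/<fqdn>@<REALM> principal the keytab must contain. The host names, the realm passed in and the function names are assumptions.

```python
import os
import re
import stat

MOD = "authmod_gssapi"
# Constructed sample in the post's layout; host names and realm are assumptions.
SAMPLE_CONF = """\
<server www.example.org>
    start_mod = authmod_gssapi
    <auth>
        authmod = authmod_gssapi
    </auth>
    <opaque>
        keytab = /etc/yaws/http.keytab
    </opaque>
</server>
<server intranet.example.org>
    <auth>
        authmod = authmod_gssapi
    </auth>
</server>
"""


def parse_servers(text):
    """Collect start_mod, authmod and <opaque> pairs for each <server> block."""
    servers = []
    for fqdn, body in re.findall(r"<server\s+([^\s>]+)>(.*?)</server>", text, re.S):
        auth = "\n".join(re.findall(r"<auth>(.*?)</auth>", body, re.S))
        opaque = "\n".join(re.findall(r"<opaque>(.*?)</opaque>", body, re.S))
        servers.append({
            "fqdn": fqdn,
            "start_mod": re.findall(r"^[ \t]*start_mod[ \t]*=[ \t]*(\S+)", body, re.M),
            "authmod": re.findall(r"^[ \t]*authmod[ \t]*=[ \t]*(\S+)", auth, re.M),
            "opaque": dict(re.findall(r"^[ \t]*(\w+)[ \t]*=[ \t]*(\S+)", opaque, re.M)),
        })
    return servers


def check_gssapi(server, realm):
    """Return (expected principal, problems); (None, []) if GSSAPI is unused."""
    if MOD not in server["authmod"]:
        return None, []
    keytab = server["opaque"].get("keytab")
    mode = os.stat(keytab).st_mode if keytab and os.path.exists(keytab) else 0
    checks = [(MOD not in server["start_mod"], "start_mod missing"),
              (not keytab, "keytab missing"),
              (stat.S_IMODE(mode) & 0o077, "keytab readable by group/other")]
    return f"HTTP/{server['fqdn']}@{realm}", [msg for bad, msg in checks if bad]
```

The returned principal can be compared by hand against the entries in the keytab named in <opaque>.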

Guest
Posted: Wed Sep 19, 2007 9:36 pm

Mikael Magnusson wrote:
> Hi,
>
> this patch adds support for SPNEGO and GSSAPI negotiation to yaws. It's
> compatible with both Linux/Unix and Windows. Supporting both Kerberos
> for windows (kfw) and SSPI on Windows.
>
Brilliant, could you also please add some text to man/yaws.conf.5
describing the feature.
The opaque dependency as well as the dependency on the other code
that is being used must be documented. I see calls to spnego, egssapi ...

Where is that code, which versions ??? do we need.

I hold the patch until I see the above.

/klacke
_______________________________________________
Erlyaws-list mailing list
Erlyaws-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/erlyaws-list

Guest
Posted: Fri Sep 21, 2007 10:14 am

Claes Wikstrom wrote:
> Mikael Magnusson wrote:
>> Hi,
>>
>> this patch adds support for SPNEGO and GSSAPI negotiation to yaws.
>> It's compatible with both Linux/Unix and Windows. Supporting both
>> Kerberos for windows (kfw) and SSPI on Windows.
>>
>
> Brilliant, could you also please add some text to man/yaws.conf.5
> describing the feature.
> The opaque dependency as well as the dependency on the other code
> that is being used must be documented. I see calls to spnego, egssapi ...
>
> Where is that code, which versions ??? do we need.
>
> I hold the patch until I see the above.
>
> /klacke

Maybe it should be made more integrated in yaws, and use a custom
parameter name in yaws.conf instead of an opaque key-value pair? Or
authmod_gssapi could be distributed as an add-on or an example instead.

Authmod_gssapi requires egssapi version 0.1~pre2, the current version,
available from http://www.hem.za.org/egssapi/ . Egssapi is a library and
port driver which depends on MIT kerberos5.

http://www.hem.za.org/egssapi/egssapi-0.1~pre2.tar.gz

Mikael

Guest
Posted: Fri Sep 21, 2007 10:41 am

Mikael Magnusson wrote:
> Maybe it should be made more integrated in yaws, and use a custom
> parameter name in yaws.conf instead of an opaque key-value pair?
Nahhh, the opaque approach is ok, Good enough.
> Or
> authmod_gssapi could be distributed as an add-on or an example instead.
>
I think that having it as a std part of the yaws codebase is
just fine. All I wanted was some docs making it possible for
people to use it without having to scan the mailing list for
the original post.
??
/klacke
--
Claes Wikstrom -- Caps lock is nowhere and
http://www.tail-f.com -- everything is under control
cellphone: +46 70 2097763

Guest
Posted: Sat Sep 22, 2007 7:53 pm

Guest
Posted: Sun Sep 23, 2007 9:09 pm

All times are GMT