Running SPNEGO Kerberos in parallel with username/password authentication

蓝咒 提交于 2019-12-23 01:19:25

问题


I would like to support both Kerberos and standard username+password authentication (via web form) in parallel. This is works fine, when the client is in the domain. The server returns the HTTP header "WWW-Authenticate: Negotiate" and sends an HTTP error 401 (unauthorized), as required by the Kerberos protocol, and the browser client then continues by sending the required information. But when the login page is accessed from outside the domain, the process stops on the client-side after receiving the 401.

Is there a way to run these two authentication methods in parallel? (same question here, without a conclusive solution: Optional SPNEGO Kerberos authentication)


回答1:


You are better off implementing the same approach as mod_auth_gssapi, it offers Basic also and performs the auth loop internally as if your client is sending the SPNEGO token.



来源:https://stackoverflow.com/questions/41375245/running-spnego-kerberos-in-parallel-with-username-password-authentication

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!