Menu
Is it possible to do optional kerberos authentication?
What I want is: if the client (browser) is not on the domain it is redirected to a username/password web login. Otherwise it will do SPNEGO do Kerberos authentication.
Is there is any solution for this? If Yes what are the configurations we required?
606
An example of mutual authentication:A user in a network using Kerberos can authenticate to a mail server to prove they are who they claim to be. On the other end, the mail server must also authenticate that it is truly the mail server and not some other service in the network pretending to be the mail server.
In our world, Kerberos is the computer network authentication protocol initially developed in the 1980s by Massachusetts Institute of Technology (MIT) computer scientists. The idea behind Kerberos is to authenticate users while preventing passwords from being sent over the internet.
Yes. You can do this. When the server receives an unauthenticated request, it replies with a 401 ("Authorization required") which is a header WWW-Authenticate set to Negotiate. If the Kerberos authentication fails, the server also send a 401 back.
Whenever the client fails to authenticate (for example, if it doesn't have any Kerberos credentials, or the authentication failed) the 401 page content will be shown.
So, to solve your problem, all you have to do is to include the login page on the 401 page.
125
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
