Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: Browser login with Windows domain login

RE: Browser login with Windows domain login

From: David Carroll <carroll_6106_at_msn.com>
Date: Fri, 09 Apr 2004 00:07:25 +0000

Try this for Apache....SPNEGO interceptor.

http://modgssapache.sourceforge.net/

Does the trick.

David

>From: <stevenr_at_mastek.com>
>To: <webappsec_at_securityfocus.com>
>Subject: RE: Browser login with Windows domain login
>Date: Thu, 8 Apr 2004 20:50:42 +0530
>
>
>Hi all
>
>Thanks for all the pointers guys/gals. I will follow them up. One
>clarification though, the web server is not IIS alone, its Apache from
>Oracle 9i App server. There is an existing IIS-based application
>existing, but that's not within my scope. So basically the web
>application would reside on Apache 1.3.
>
>Regards
>Steve
>
>-----Original Message-----
>From: Steven Rebello
>Sent: Thursday, April 08, 2004 6:52 PM
>To: webappsec_at_securityfocus.com
>Subject: Browser login with Windows domain login
>
>Hi
>
>I needed some pointers/links/tips from you folks on a problem.
>
>I have a web-based application. Is it possible to sign in a user into
>the browser based application transparently based on the windows NT
>domain login. By this I mean that when the user opens the browser and
>types in the URL, the client machine should automatically send the user
>credentials to the application. FYI, the windows domain login is
>authenticated against Microsoft Active Directory.
>
>If this is possible, can anyone point me to some sites/tutorials? I have
>googled but have not come up with anything useful, hence this mail.
>
>Are there any known vulnerabilites with this kind of approach for web
>based logins?
>
>Any help would be appreciated.
>
>Thanks
>Steve
>
>
>MASTEK
>"Making a valuable difference"
>Mastek in NASSCOM's 'India Top 20' Software Service Exporters List.
>In the US, we're called MAJESCO
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Opinions expressed in this e-mail are those of the individual and not
>that of Mastek Limited, unless specifically indicated to that effect.
>Mastek Limited does not accept any responsibility or liability for it.
>This e-mail and attachments (if any) transmitted with it are
>confidential and/or privileged and solely for the use of the intended
>person or entity to which it is addressed. Any review, re-transmission,
>dissemination or other use of or taking of any action in reliance upon
>this information by persons or entities other than the intended
>recipient is prohibited. This e-mail and its attachments have been
>scanned for the presence of computer viruses. It is the responsibility
>of the recipient to run the virus check on e-mails and attachments
>before opening them. If you have received this e-mail in error, kindly
>delete this e-mail from all computers.
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>

_________________________________________________________________
Get rid of annoying pop-up ads with the new MSN Toolbar – FREE!
http://toolbar.msn.com/go/onm00200414ave/direct/01/
Received on Apr 09 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]