Kerberos authentication for X-Mosaic 2.4 and NCSA HTTPD
I've implemented Kerberos 4 mutual authentication in NCSA's httpd and Mosaic
for X 2.4. I did this in a manner that attempts to be true to the HTTP
documents I found at CERN, and to what was already in libwww. Virtually all
of the Mosaic modifications are in libwww. The code is what I would call
beta quality; I hope to have it ready for production in a few weeks (in time
for the start of Columbia's school year).
Unfortunately, the spec I found did not seem to be designed with mutual
authentication in mind, so I had to add a MIME header which httpd sends back
to the client, containing the server's side of the mutual authentication
conversation. Essentially, the dialog looks like what's specified in

    http://info.cern.ch/hypertext/WWW/Protocols/HTTP/HTRQ_Headers.htm#z9

except that the client sends

    Authorization: KerberosV4 <client half of mutual auth encoded in ascii>

and the server sends back in the requested document's MIME headers

    WWW-Authenticate: KerberosV4 <server side of mutual auth>

Right now, if the server does not authenticate to the client properly I just
throw out a warning message.
If anyone is interested in this, please let me know. I'd like to hand the
libwww mods back to CERN: there were already some Kerberos placeholders in
libwww. In fact, the code in libwww clashes slightly with what's in the HTTP
headers document: the headers document says that the Authorization line
should say "kerberos kerberosauthenticationparameters", but the libwww code
expects to see "KerberosV4" or "KerberosV5".
Ben Fried
Academic Information Systems
Columbia University
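
The header exchange described in the message above, as an added example that is not part of the original post and is not the httpd or libwww code: it parses both headers, accepts only the `KerberosV4`/`KerberosV5` scheme tokens, and reports whether the server half verifies so a client can decide between warning and refusing the document. The base64 payload encoding, the HMAC stand-in for the server's Kerberos reply, and all function names and sample values are assumptions; the message specifies none of them.

```python
import base64, hashlib, hmac

# Scheme tokens the message says libwww expects; the headers document's
# plain "kerberos" token is deliberately not accepted here.
SCHEMES = {"kerberosv4": "KerberosV4", "kerberosv5": "KerberosV5"}

def parse_auth_header(line, expected_name):
    """Split '<Name>: <scheme> <payload>' into (scheme, payload bytes)."""
    name, sep, value = line.partition(":")
    if not sep or name.strip().lower() != expected_name.lower():
        raise ValueError("not a %s header" % expected_name)
    parts = value.split()
    if len(parts) != 2 or parts[0].lower() not in SCHEMES:
        raise ValueError("unsupported or malformed scheme")
    try:
        # Assumption: base64 payload; the message only says "encoded in ascii".
        payload = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:
        raise ValueError("payload is not valid base64") from exc
    return SCHEMES[parts[0].lower()], payload

def server_proof(session_key, client_blob):
    # Stand-in for the server's half of mutual authentication (NOT Kerberos):
    # a MAC over the client's blob under a key both sides already share.
    return hmac.new(session_key, client_blob, hashlib.sha256).digest()

def check_server_reply(request_line, response_headers, session_key):
    """Return True only if the server proved itself for this exact request."""
    scheme, client_blob = parse_auth_header(request_line, "Authorization")
    for line in response_headers:
        if not line.lower().startswith("www-authenticate:"):
            continue
        try:
            reply_scheme, proof = parse_auth_header(line, "WWW-Authenticate")
        except ValueError:
            return False
        expected = server_proof(session_key, client_blob)
        return reply_scheme == scheme and hmac.compare_digest(proof, expected)
    return False  # no server half at all: treat as unauthenticated

# Constructed sample exchange (key and blob are made-up values).
KEY = b"constructed-session-key"
BLOB = b"constructed client authenticator"
REQUEST = "Authorization: KerberosV4 " + base64.b64encode(BLOB).decode()
GOOD = ["Content-Type: text/html", "WWW-Authenticate: KerberosV4 "
        + base64.b64encode(server_proof(KEY, BLOB)).decode()]
```

A response with no `WWW-Authenticate` line, a different scheme token, or a proof that does not match this request's client blob all come back `False`, which is the case the message currently handles with a warning.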