samba - Oct 2004 - automatically authenticate domain logged-on users ina pache with AD/NTDOM?

Yeah, "interoperate over either NTLM or Kerberos to provide SSO",
that's
exactly what I'm talking about! Only, I want to trade IIS for apache@unix. 
I can still use Explorer@windows for clients.

Very interesting, though, that Mozilla has been kerberized. I knew it would 
happen, but I haven't read anything about that.

Thanks for the input,
Palle

--On fredag 22 oktober 2004 11.14 -0700 Aaron Grewell <AGrewell@uwb.edu> 
wrote:
> IIS and IE can interoperate over either NTLM or Kerberos to provide SSO.
> Mozilla has an OSS implementation of this, but last I heard it only
> supported NTLM not Kerb.  Moz supports Kerberos on some platforms via
> GSSAPI (http://www.mozilla.org/releases/mozilla1.7b/README.html), which
> in combination with mod_auth_kerb (http://modauthkerb.sourceforge.net/)
> is supposed to provide SSO on Unix-type platforms.
>
> On Fri, 2004-10-22 at 18:49 +0200, Palle Girgensohn wrote:
>> Hi!
>>
>> I don't use MS products at all, so I have very little knowledge
with
>> them,
>
>> but I believe Microsoft has as protocol where Internet Explorer can
>> automatically authenticate against an IIS server, and given that the
> server
>> and client are on the same NT domain, and the client user is logged in
>> to  that domain, the user is automatically logged in without the need
to
>> give  away the password one more time to the webserver.
>>
>> What is happening between the web server & the web client? Is the
>> protocol
>
>> open or reverse engineered? Can this authentication be done using
apache
>> @
>
>> unix (perhaps by apache interacting with samba somehow)?
>>
>> Any ideas or links to more info about this would be much appreciated.
>> Thanks!
>>
>> /Palle
>>