Monday 03 March 2008 4:47:00 am
We're considering implementing an eZpublish intranet built on a RedHat server, located on a Windows 2003 Network. Current intranet solution is IIS/VBscript/.NET.

Management have made it clear that single sign on has to stay. Meaning that once a user logs on to a computer, no further logins are required to access the intranet.

Just as importantly, we need to be able to build a profile of that user (e.g. name, groups, email address, preferences) out of AD, probably using a Kerberos UPN or similar as user ID. Also, we don't want to have to replicate and maintain a user database/directory separate from Active Directory.

I'm aware of the various technologies and HTTP server requirements involved (Kerberos, LDAP, mod_auth_kerb etc). I'm wondering if the SPNEGO Integrated Windows Authentication described here ... http://ez.no/developer/open_funding/suggestions_for_new_functionality/signal_sign_on_active_directory/we_ve_done_something_similar ... does this, or comes close? Has anyone had any experience with it?