Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

sqldatasource dal, wwwxxxenden, convert raid5 to raid 10 mdadm, apache force chunked, nrao wwwxxx, xxxxxdup, procmail change subject header, wwwXxx not20, Wwwxxx.doks sas, linux raid resync after reboot

Links

XODOX
Impressum

#1: Getting SPNEGO HTTP headers to a CGI?

Posted on 2008-04-23 15:25:08 by Michael Schlenker

Hi all,

trying to get the following setup to work:

Http SPNEGO SPNEGO via CORBA
IE <---------------------> IIS <---> CGI
<--------------------------------> AppServer

So basically using IIS as a primitve frontend for an AppServer that
can do Kerberos Auth itself (via SSPI or GSSAPI). The AppServer may be
on Windows but it may be on some Unix host, shouldn't matter.

Basically i would need to put the HTTP auth headers into the CGI
environment somehow but didn't find any IIS docs about it.

Not sure if this would work:

register an SPN HTTP/somevirtualhost.example.com@EXAMPLE.COM and let
the AppServer use that SPN with its call to SSPI AcquireCredentials()/
InitializeSecurityContext(). Now configure IIS somehow to pass all
Auth headers for http://somevirtualhost.example.com/.* to my CGI that
simply forwards stuff to the AppServer.

I know that its in principle unsafe to pass such info through CGI
environment vars, but for SPNEGO based Kerberos tokens it shouldn't
matter, those are designed for unsafe networks.

So is there a simple way to do this with IIS (handle auth stuff on the
CGI level)?

Michael

Report this message