You're setting up a Kerberos realm here. By design this is supposed
to be invisible to the user, so the auth is attempted without the
user being asked.
To test this, you need to make sure that you have a Kerberos ticket
from the OD domain
I do... I am already authenticated. Just to be sure, I checked my
ticket, and it had recently renewed.
and that the server hosting your web site has been integrated into
the Kerberos realm hosted by OD.
Would you happen to have the patience to deal with my ignorance and
explain this a bit further? I can think of a few things you might
mean by that, but alas, don't really know. All of this is on the same
server and subnet, so what would still be left to integrate? Does the
host name of the web site in question have to be the same as the
default machine name of the OD master or something? (I am using an
alias now, because I would like this web host to have a different
name than the OD master host.) I'm just not sure what you mean. If
there's a manual page you could refer me to instead, I'll do my own
homework...
I do see on page 44 of Web Technologies:
"If you want Kerberos authorization for the realm the server must be
joined to a Kerberos domain, and SSL must be on for the site."
But I don't see how that means something other than what I have.
Then, if all the bits are in place, you won't be bothered with any
dialog at all, you'll just be authed automatically.
Thanks for the help, Joel.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
