On Feb 28, 2005, at 1:29 AM, Nathan Zamprogno wrote:
So, my question is: what's involved for a user account in a managed
OS-X environment (that is, usernames, home folders, environment
preferences etc all being drawn from OS-X server 10.3 and it's
OpenLDAP based system) to be able to pass a "token" (for want of a
better phrase) to an outside service (like an authenticating web
proxy) so that the user only has to type in a login and password ONCE
per session. We want to be able to implement a web filter/monitoring
system that is as transparent to users as is possible. We run Mac and
Windows clients, but this is far more important for the Mac side.
Sounds like you need a proxy that does Kerberos.
There's no point me searching endlessly for a solution if there is
some fundamental limitation in the implementation of OS-X or LDAP that
means this can't be done. People talk about "Kerberos" as a technology
for doing such things, but I wouldn't know a Kerberos if it fell on
me.
Really?!? It's a 3-headed dog!
Can anyone educate me? Better still, does anyone know of a web
filtering solution that is Mac/OS-X Server friendly and offers this
feature?
We have an article about doing Squid with OD integration, but that
isn't what you are looking for. Websense supports kerberos, but I've
not seen it setup for use with Mac OS X clients before. A quick google
for 'web proxy kerberos' turns up more info, but not a lot.
Anyone?
Josh
--
Josh Wisenbaker, ACSA
http://www.afp548.com
Breaking my server to save yours.
