Passthrough Authentication
Authentication proxy using Kerberos and SPNEGO
Adding authentication to an application is an ungrateful part of development - users don't like to log in and there is a lot of duplication of effort. This project proposes an interesting alternative which benefits from the fact that browsers have retained built-in support for HTTP SPNEGO (with Kerberos included) for many years: by forwarding Kerberos tokens through a lightweight proxy to a "kerberized" authentication server that is part of the same Kerberos realm where the user logged in at the beginning of the day. The goal of this project is to make web modules, such as Apache, for the proxy and implement the authenticator using Diameter or another broker, and do the same for SASL using GSSAPI.
- The project's own website: https://mansoft.nl/PTA/
Run by Mansoft
This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.
