Send in your ideas. Deadline October 1, 2024
Theme fund: NGI0 Entrust
Start: 2023-06
More projects like this
Software engineering

Passthrough Authentication

Authentication proxy using Kerberos and SPNEGO

Adding authentication to an application is an ungrateful part of development - users don't like to log in and there is a lot of duplication of effort. This project proposes an interesting alternative which benefits from the fact that browsers have retained built-in support for HTTP SPNEGO (with Kerberos included) for many years: by forwarding Kerberos tokens through a lightweight proxy to a "kerberized" authentication server that is part of the same Kerberos realm where the user logged in at the beginning of the day. The goal of this project is to make web modules, such as Apache, for the proxy and implement the authenticator using Diameter or another broker, and do the same for SASL using GSSAPI.

Run by Mansoft

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.