EDIT: SOLVED! See my answer below.
Greetings, I am looking for a way to do a single sign on to an intranet in the following manner:
- A Linux user logs on via a graphical frontend (for example, GNOME).
- He automatically requests a TGT for his username from the MIT Kerberos KDC.
- Via some way or another, the Apache server (which we'll assume is on the same server as the KDC), is informed that this user has logged in.
- When the user accesses the intranet, he is automatically granted access to his web applications.
I don't think I've seen this kind of functionality while searching the net. I know the following possibilities exist:
- Using an authentication module such as mod_auth_kerb, a user is presented with a login prompt to enter his username and password, which are then authenticated against the MIT Kerberos server. (I would like this to be automatic.)
- IIS supports integrated Windows logon via ASP.Net when the user is part of an Active Directory. (I'm looking for the Linux / Apache equivalent.)
Any suggestions, criticism and ideas are highly appreciated. This is for a school project to show a proof-of-concept, so every handy piece of information is more than welcome. :)