Deepak,
Actually, if your sites are for internal users only, you might as well just
protect the entire site with Kerberos authentication, using Apache's mod_krb5.
When your entire site is protected, you don't need any special login code in
your application. Just get the user identity from the REMOTE_USER variable.

If you are on IIS, all you need to do is to click the checkbox that says
'Enable Integrated Windows Authentication'.

If you have a hybrid site that is accessible to both internal and external
users, you have to go with Ken's suggestion.

The good thing about having the entire site protected is that every browser
request will be protected by a unique token. This way you will get extra
protection against people who try to steal authentication cookies. Don't worry
about the performance; Kerberos authentication is lightning fast. However,
if your traffic goes outside of your corporate network, you have to use
encrypted channels, either through VPN or HTTPS.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
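
How an application behind a Kerberos-protected site can take the identity from REMOTE_USER, as an added example that is not part of the original message. It assumes a Python WSGI application, that the web server passes the principal as `user@REALM`, and a placeholder realm `EXAMPLE.COM`; `authenticated_user` and `call` are hypothetical names.

```python
import re

# Assumption: the corporate realm; EXAMPLE.COM is a placeholder.
EXPECTED_REALM = "EXAMPLE.COM"
# Conservative character set for the user part of the principal.
_USER_RE = re.compile(r"[A-Za-z0-9._-]+")


def authenticated_user(environ, expected_realm=EXPECTED_REALM):
    """Return the short user name taken from REMOTE_USER, or None.

    Only the CGI variable REMOTE_USER, which the web server sets after it
    has authenticated the request, is consulted. A client-supplied header
    named "Remote-User" shows up as HTTP_REMOTE_USER and is never read.
    """
    principal = environ.get("REMOTE_USER") or ""
    user, sep, realm = principal.rpartition("@")
    if not sep or realm != expected_realm:
        return None  # no realm, or a realm this site does not expect
    if not _USER_RE.fullmatch(user):
        return None  # empty or unexpected characters, e.g. "host/web01"
    return user


def application(environ, start_response):
    """WSGI entry point: no login form, identity comes from the server."""
    user = authenticated_user(environ)
    if user is None:
        # Reaching this branch means the location is not actually protected.
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"No Kerberos identity supplied by the web server.\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("Hello, %s\n" % user).encode("utf-8")]


def call(environ):
    """Invoke the application with a constructed environ; return (status, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    body = b"".join(application(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    print(call({"REMOTE_USER": "alice@EXAMPLE.COM"}))
    print(call({"HTTP_REMOTE_USER": "alice@EXAMPLE.COM"}))
```
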