This login manager may be used to implement single sign on based on Kerberos authentication.
For this to work you will have to set up your server as well as your browser to exchange
kerberos tickes part of the HTTP header. See System.LdapContrib#Signle_Sign_On_and_LdapContrib
for more information.
If no ticket could be exchanged will this login manager fall back to Foswiki::LoginManager::LdapTemplateLogin
Construct the KerberosLogin object
returns user as already found in session
ObjectMethod login($request, $session)
Checks for a neogitiation HTTP header and redirects to login if not.
When found we will redirect to another view to perform the actual ticket exchange.
A special url parameter
will be set to prevent multiple redirects
happening by accident.
ObjectMethod forceAuthentication() → boolean
Triggered by an access control violation, this method tests
to see if the current session is authenticated or not. If not,
it does whatever is needed so that the user can log in, and returns 1.
If the user has an existing authenticated session, the function simply drops
though and returns 0.
performs the actual kerberos communication to extract the remote user name from the ticket
found in the HTTP header.