Kerberos http authentication
RL 'Bob' Morgan
rlmorgan at washington.edu
Thu Feb 14 19:06:12 EST 2002
On Mon, 11 Feb 2002, Joel D. Kraft wrote:
> "Donn Cave" <donn at u.washington.edu> wrote
> ...
> > Only inasmuch as the Kerberos authentication server can be used to
> > validate passwords. The proxy, if that's the right term, can get
> > a Kerberos ticket, and throw it away. The browser's host doesn't
> > ever see any of that, Kerberos credentials there are irrelevant.
> > The question would be not how well it integrates, rather what it
> > means to integrate - if you want a Kerberos application, it isn't,
> > but if you only want it to work at a site that has only Kerberos
> > passwords, it does. The rest is about cookies.
>
> Does anyone know of anything that will perform this function under
> IIS? We have an existing system with our own session management
> already set up. Currently most of the authentication takes place
> against a database... but we want to add kerberos to that.
The pubcookie package that Booker mentioned is available from the
University of Washington, and includes a filter for IIS. The weblogin
service has only been deployed on unix/apache, but it's a cgi so
theoretically could be made to work on Windows/IIS.
Internet2 is hosting a multi-university project:
http://middleware.internet2.edu/webiso/
to develop this architecture and secondarily the pubcookie software as a
sharable version of the weblogin one-offs produced by so many places.
There's a link on that page to get the pubcookie distribution. Project
participation is welcomed ...
- RL "Bob" Morgan
University of Washington
More information about the Kerberos
mailing list