Kerberos authentication for Web Services

jeremy redburn jredburn at wso.williams.edu
Mon Jul 8 11:04:21 EDT 2002


I am interested in building a system (similar to Microsoft's .Net My
Services) that is a family of web services that clients authenticate
against using Kerberos. The idea is to have clients hit the KDC via
SOAP calls over SSL and get the ticket. Then they ask the KDC for a
ticket to communicate with a specific web service. Once I have that, I
should be able to encrypt all SOAP messages to the web service and
just pass the username.

But this doesn't seem to fit into the idea of how Kerberos
authentication works. Is anyone doing Kerberos authentication via SOAP
calls? What do people recommend for an authentication mechanism for a
family of web services?

thanks.



More information about the Kerberos mailing list