Kerberos - Security measures b/n client and webserver ?

rohit bajaj rohitcbajaj at
Mon Aug 11 15:06:39 EDT 2003

I'm trying to implement Kerberos5 authentication in
our web based application. I have question about the
security now. Our's is a java/jsp application with
3-tiered architecture. The Application server is
tomcat. If we have the users supplying their username
& password from the browser how does the security be
handled? Because I guess the kerberos authentication
code is running off of the webserver and the
authentication would be done between the
Application/web server & the ADS only. But what
happens when sending the password from the browser to
the web server through post method? Are there any
additional security measures to be implemented between
the Client & the webserver ? Please help me as I'm
fairly new to this.

Thank you in anticipation,

Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

More information about the Kerberos mailing list