GSSAPI x Kerberos
silvio@gdora.com.br
silvio at gdora.com.br
Thu Jul 10 11:25:45 EDT 2003
Citando "Douglas E. Engert" <deengert at anl.gov>:
> > The other problem I'll have to solve is to implement the authentication
> over
> > HTTP, any suggestions?
>
> Look at the kx509 from the University of Michigan. It uses Kerberos
> authentication
> to obtain a short term certificate. This certificate can then be used by IE
> or Netscape.
> You then use the standard SSL in the browsers and web servers.
> The client can run on any Unix, Mac or Windows.
Sorry, I forgot to give a few informations about why I need to use GSS over
HTTP (the link will help anyway :-))
I have an application that uses HTTP (or HTTPS) to communicate between the
server and the clients and neither are browsers or web servers... The
application contains the implementation of HTTP to server and client, today,
there's support to Basic and Digest Authentication and I want to put GSS
authentication there too... I know that some browsers (IE and patched Mozilla)
suports that, but I don't know witch to use, the Mozilla implementation os
Microsoft's... They both seens to be very simple, the GSS information goes
after a specific tag (IE uses Negoticate, Mozilla uses GSS-Negotiate), like
this:
WWW-Authenticate: Negotiate SPNEGO_data
SPNEGO seens to encapsulate GSSAPI data (I didn't readed all of the RFC yet),
but I don't think it will be useful, I was thinking in implementing the GSS
data directly...
Any recomendations?
Silvio Fonseca
Linux Consultant
-------------------------------------------------
Relato Consultoria de Informática
Rua Mto. João Gomes de Araújo, 106 cj. 42
Alto de Santana - São Paulo - SP
Telefones: (11) 6978-5253 / (11) 6978-5262
Fax: (11) 6971-3115
More information about the Kerberos
mailing list