Kerberos vs. LDAP for authentication -- any opinions?
Dr. Greg Wettstein
greg at wind.enjellic.com
Tue Feb 3 09:48:24 EST 2004
On Feb 2, 3:27pm, "Douglas E. Engert" wrote:
} Subject: Re: Kerberos vs. LDAP for authentication -- any opinions?
Hi Douglas, thanks for the note and the summary.
> I would say kx509 is not covered by the patent. The KCA is not a
> repository for a user's certificate and private key. Kx509 generates
> a new keypair each time it is called and sends an X509 request with
> the public key to the KCA which signs the request creating a new
> certificate each time. This is not a key repository. The KCA
> never sees the private key. The private key does not go over the
> network.
Interesting and certainly makes sense. I've never had the time to
look into Kx509 as closely as I probably should have. Your
description helps me understand the strategy a lot better. I believe
your technical points with respect to the patent are correct.
> But, based on the snippet you sent, storing the private key in an
> authenticated encrypted distributed file system so the user could retrieve
> it might be covered by the patent! Which would make me believe the patent
> might not hold up.
>
> Anyway, I was not trying to get into a patent discussion, I was pointing
> out that kx509 is a great way to use Kerberos authentication with existing
> browsers and web servers.
Patents were not my focus either although your summary was interesting
and helpful. Thanks again for the insight.
> Douglas E. Engert <DEEngert at anl.gov>
Best wishes for a productive week to everyone.
}-- End of excerpt from "Douglas E. Engert"
As always,
Dr. G.W. Wettstein, Ph.D. Enjellic Systems Development, LLC.
4206 N. 19th Ave. Specializing in information infra-structure
Fargo, ND 58102 development.
PH: 701-281-1686
FAX: 701-281-3949 EMAIL: greg at enjellic.com
------------------------------------------------------------------------------
The Master doesn't talk, he acts.
When his work is done,
the people say, "Amazing:
we did it, all by ourselves!"
-- Lao-tzu