Kerberos vs. LDAP for authentication -- any opinions?

Douglas E. Engert deengert at anl.gov
Fri Jan 30 10:00:55 EST 2004



"Dr. Greg Wettstein" wrote:
> 
> On Jan 29,  8:45am, "Douglas E. Engert" wrote:
> } Subject: Re: Kerberos vs. LDAP for authentication -- any opinions?
> 
> > Many of the Browser issues can be addressed by Kx509 from the
> > Univrsity of Michigan. It can obtain a short term X509 certificate
> > using Kerberos for authenticaiton. The certificate and key are then
> > stored so the browser can use it with SSL to any web server. It works
> > with IE and Netscape on Windows. It runs on UNIX and Mac as well.
> >   http://www.citi.umich.edu/projects/kerb_pki/
> 
> Didn't Whit Diffey file a patent which covered the concept of using
> short-term certificates as authentication brokers?
> 
> If so does the Kx509 stuff have some sort of divine absolution with
> respect to it?

The University of Michigan would need to answer the question. 

How short is short? The kx509 is just a CA that issues certificates
based on being authenticated via Kerberos. The lifetime of the certificate 
could be for a day, or even a year. 

> 
> }-- End of excerpt from "Douglas E. Engert"
> 
> As always,
> Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
> 4206 N. 19th Ave.           Specializing in information infra-structure
> Fargo, ND  58102            development.
> PH: 701-281-1686
> FAX: 701-281-3949           EMAIL: greg at enjellic.com
> ------------------------------------------------------------------------------
> "Don't worry about people stealing your ideas.  If your ideas are any
> good, you'll have to ram them down people's throats."
>                                 -- Howard Aiken

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444


More information about the Kerberos mailing list