Kerberos vs. LDAP for authentication -- any opinions?
Douglas E. Engert
deengert at anl.gov
Fri Jan 30 10:00:55 EST 2004
"Dr. Greg Wettstein" wrote:
>
> On Jan 29, 8:45am, "Douglas E. Engert" wrote:
> } Subject: Re: Kerberos vs. LDAP for authentication -- any opinions?
>
> > Many of the Browser issues can be addressed by Kx509 from the
> > Univrsity of Michigan. It can obtain a short term X509 certificate
> > using Kerberos for authenticaiton. The certificate and key are then
> > stored so the browser can use it with SSL to any web server. It works
> > with IE and Netscape on Windows. It runs on UNIX and Mac as well.
> > http://www.citi.umich.edu/projects/kerb_pki/
>
> Didn't Whit Diffey file a patent which covered the concept of using
> short-term certificates as authentication brokers?
>
> If so does the Kx509 stuff have some sort of divine absolution with
> respect to it?
The University of Michigan would need to answer the question.
How short is short? The kx509 is just a CA that issues certificates
based on being authenticated via Kerberos. The lifetime of the certificate
could be for a day, or even a year.
>
> }-- End of excerpt from "Douglas E. Engert"
>
> As always,
> Dr. G.W. Wettstein, Ph.D. Enjellic Systems Development, LLC.
> 4206 N. 19th Ave. Specializing in information infra-structure
> Fargo, ND 58102 development.
> PH: 701-281-1686
> FAX: 701-281-3949 EMAIL: greg at enjellic.com
> ------------------------------------------------------------------------------
> "Don't worry about people stealing your ideas. If your ideas are any
> good, you'll have to ram them down people's throats."
> -- Howard Aiken
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list