Cross-Realm authentication
Rouiller Claude
claude.rouiller at rtc.ch
Fri Jul 2 09:52:32 EDT 2004
Hi
I've just implemented a prototyp of SSO, using Java and Microsoft Kerberos.
And it works nicely (thanks to those from this list who helped me) !!
Then, I've presented my work to our security experts (who are not Kerberos
fans).
When I said that I had only tested the prototype within one REALM, one of
the security experts said the following:
Expert: "You can't put your SSO in production, because Kerberos cross realm
authentication doesn't work!"
Me: "Is it an issues in Microsoft Kerberos?"
Expert: "No. The Kerberos protocol has been so poorly designed, that
cross-realm authentication just doesn't work at all. Maybe Microsoft has
implemented something proprietary to make it work, but it would not be
standard!".
Of course I've looked for some documentation about this issue, but i've
found nothing.
Does anyone know someting about this issue?
Thanks,
Claude
More information about the Kerberos
mailing list