WebISO: the killer kerberos app?

Christopher Kranz clk at princeton.edu
Fri Mar 5 13:45:56 EST 2004


Russ Allbery <rra at stanford.edu> wrote in message news:<87brnc9ihf.fsf at windlord.stanford.edu>...
> 
> This is exactly the design of Stanford's WebAuth v3.  :)  See:
> 
>     <http://webauthv3.stanford.edu/>

This is a lot closer to what I had envisioned than, say, Pubcookie.  But
it still looks like it does more work than it has to.

Why not just pass the TGT, the session ticket, and the authenticator
as cookies?  Let Kerberos do the hard stuff.  Kerberos was designed to
be able to securely authenticate someone over an insecure network. 
This way you don't have to create new types of tokens or require that
the connection between the web client and the web application server
be encrypted.

I am sure I am missing something.  I will keep digging.  Thanks for
the response.

    Christopher Kranz
    clk at princeton.edu

