WebISO: the killer kerberos app?
Damon Rand
damon-mail at cybermagic.co.nz
Mon Mar 15 07:24:23 EST 2004
> > My personal recommendation for webauth right now seems to be supporting
> > both gssapi negotiate and pubcookie. I'd prefer a stronger solution
> > than gssapi negotiate. The HTTP SASL draft is being last called, so
> > perhaps we'll get our wish.
>
> I would love it if all cookie-based Kerberos authentication mechanisms
> would go the way of the dodo because real SASL support showed up in HTTP
> servers and clients. The client part is going to be the hard bit, but I
> would love it if WebAuth became obsolete because my Mozilla just spoke
> Kerberos all by itself.
Sorry to jump in late here but..
Is the clientside solution fundamentally flawed in the extranet sense?
I was under the impression that the client workstation had to be
logged into the same domain as the server.. ie. If a web user was
logged into the ACME domain from their ACME workstation then they
can't come to my site and use SPNEGO (or SASL?) protocol to login into
my website authenticated against the BAMBI domain?
I hope I am completely wrong of course!!
Damon.
More information about the Kerberos
mailing list