Please help: Kerberos and web applications?

rachel elizabeth dillon red at MIT.EDU
Mon Sep 13 15:10:55 EDT 2004


It is possible that your question is answered by this question in the 
Kerberos FAQ:
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#kerbwww
There has also been some work done on integrating Kerberos into 
apache and Mozilla, but this is highly experimental if it works at 
all and not suitable for production environments.

(Note that when the FAQ says "these schemes are all fraught with a number
of serious security problems," it is being quite serious, and you should
probably get someone who is familiar with this sort of web development
to look over your security model if you decide to try something like this.)

If this doesn't answer your question, then I am not entirely sure what you 
are asking. 

Hope this helps.

-r. 

On Mon, Sep 13, 2004 at 01:24:52AM +1000, simon wrote:
> Hello
> 
> This is quite obviously a newbie question, and for a presentation I need 
> to give: I have a *theoretical* "web portal". The actual services 
> provided are not specified (accounting, if that tells you anything), and 
> I was under the impression that I could use Kerberos to authenticate 
> users from this web portal, as well as users on the server's network.
> 
> I've been reading up on this, but I'm unfamiliar with this sort of web 
> development, and am not sure if what I'm reading supports this... Is 
> this possible?
> 
> The implementation details aren't really relevent, this is a case study, 
> but I was assuming an application embedded into a webpage that 
> communicates with the Kerberos server, and then the ticket granting 
> server, etc, and transfers data. Is this correct?
> 
> A confirmation either way would be hugely appreciated. Thankie
> 
> Simon.
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos


More information about the Kerberos mailing list