Russ Allbery rra at
Thu Jul 17 14:23:20 EDT 2008

"Sharad Desai" <ssdesai1 at> writes:

> Also, (I'm not sure how familiar people are with Cosign) since Cosign
> transforms Kerberos authentication to a cookie-based authentication
> which the browsers can use, I was wondering if you have had any
> experience with this.

Given your platform constraints and desire to avoid Active Directory, I
think Cosign is definitely your best option.  However, I believe that you
will need a UNIX server to run the Cosign login daemon, even though you
can use IIS for specific web applications.  I could be wrong, since I
don't run it myself, but you should check on that if that will be a

Russ Allbery (rra at             <>

More information about the Kerberos mailing list