On Tue, 2014-06-17 at 23:14 +0000, Nordgren, Bryce L -FS wrote:
> When thinking about gateways and what Ipsilon may do, I came across this
> and source
> His approach to unifying web and non-web technologies was to build
> gateways for non-web services such that browser based clients could be
> written without changing the server side.
> I'm not sold on that approach. However, the source repository includes
> a python gateway to a KDC. Users can kinit from the browser the way
> Kerberos intended (password does not go over the wire).
> so that users don't have to pop out to the command line to kinit? One
> still would not have the ability to ssh into a console after doing an
> in-browser kinit, but all the websites in the target domain should
> recognize the credentials.
> Worthwhile or dumb?
How do you trust it is not going to send your password somewhere ?
How do you trust another bug in the browser will not allow another "tab"
top read the memory of the browser including your password or TGT ?
other should not come in contact, IMO.
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list