On 06/17/2014 09:24 PM, Simo Sorce wrote:
I have seen this project presented at the MIT Kerberos Consortium board
of directors and it gave me goose bumps.
On Tue, 2014-06-17 at 23:14 +0000, Nordgren, Bryce L -FS wrote:
When thinking about gateways and what Ipsilon may do, I came across this thesis:
His approach to unifying web and non-web technologies was to build
gateways for non-web services such that browser based clients could be
written without changing the server side.
I'm not sold on that approach. However, the source repository includes
a python gateway to a KDC. Users can kinit from the browser the way
Kerberos intended (password does not go over the wire).
so that users don't have to pop out to the command line to kinit? One
still would not have the ability to ssh into a console after doing an
in-browser kinit, but all the websites in the target domain should
recognize the credentials.
Worthwhile or dumb?
How do you trust it is not going to send your password somewhere ?
How do you trust another bug in the browser will not allow another "tab"
top read the memory of the browser including your password or TGT ?
other should not come in contact, IMO.
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project