Someone here has suggested the following possible implementation;
unfortunately, we don't know enough about Web servers and JAVA to be able
to determine whether this suggestion is viable.

Here's what the idea is based on: JAVA applets run within a browser are run
inside a very tight padded cell. One of the things they can do, tho, is
call Libraries that have been preloaded onto the desktop machine. The
theory is that if the owner of the machine made a decision to download and
install a library, then they have made the decision to live with the
ramifications of that decision.

Here's the idea: develop a "glue" library for each platform, that a
downloaded applet could call. This library would call the local Kerberos
routines, and obtain a ticket.

The idea is that when a server encountered an access control situation, it
would download the Kerberos applet and cause it to be run. The applet would
get a ticket and return it to the server. The good news is that this
mechanism would only be used/triggered when the user tried to retrieve an
access controlled page, and the amount of additional code added to each
client would be minimized.

Here's what we don't know: how easily can a web server download an applet
and trigger it? Suppose we were using the Netscape Commerce Server, and our
access control code was running as a plugin -- could we download an applet
from within the plugin?

What else is wrong with this idea?

Thoughts and comments are welcome.

