Check out the University of Michigan's kx509.
http://www.citi.umich.edu/projects/kerb_pki/
It gets a short term certificate using Kerberos authentication.
The certificate and key are then stored in the Kerberos ticket cache.
They have a PKCS#11 plugin for Netscape on Unix or WIN32 (and I think IE),
to use these certificates with the browser and web server. So no mods to browser
or web servers.
Microsoft has published how they are doing this as well:
http://search.ietf.org/internet-drafts/draft-brezak-spnego-http-02.txt
1. Abstract
This document describes how Microsoft's Internet Explorer 5.0 and
Internet Information Services 5.0 use Kerberos for security
enhancements of web transactions. The HTTP auth-scheme of
"negotiate" is defined here; when the negotiation results in the
selection of Kerberos, the security services of authentication and
optionally impersonation are performed.
hot ice wrote:
>
> Are there any commercially available kerberos-based authentication
> products for the web? I know Microsoft is doing something with
> Passport - but that's still all fuzzy and they are doing it in typical
> MS-fashion doing it all their way, or so I hear.
>
> Any suggestions or recommendations on products that offer website
> authentication - username/password, smartcard and a combination..?
>
> TIA
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444