Citando Sam Hartman <[EMAIL PROTECTED]>: >>> I have an application that uses HTTP (or HTTPS) to communicate >>> between the server and the clients and neither are browsers or >>> web servers... >Douglas> Another option is that OpenSSL can encapsulate Kerberos >Douglas> tickets in what SSL thinks are certificates. >Please don't do this is you can avoid it. Use either the Mozilla or >the Microsoft style GSSAPI, or better yet don't use HTTP at all if you >don't expect your application to be used by normal web browsers.
I can avoid it... As I told Douglas, I have control over server and client code, so is up to me to decide what I want... The lead developer idea was to use the Microsoft implementation using the "WWW-Authenticate: Negotiate" tag, but it's more likely that I'll use the Mozilla implementation (using GSS- Negotiate in the tag and pure GSS code encoded in base64) only and later change to SPNEGO, from what I readed in SPNEGO RFC and Microsoft Implementation, will be simple... >There are some significant issues with RFC 2712 (Kerberos inside TLS) >and even more significant issues with the OpenSSL implementation of >that spec. There's (besides kx509) any implementation of this? Just to know, what issues?? -- Silvio Fonseca Linux Consultant ------------------------------------------------- Relato Consultoria de Inform�tica Rua Mto. Jo�o Gomes de Ara�jo, 106 cj. 42 Alto de Santana - S�o Paulo - SP Telefones: (11) 6978-5253 / (11) 6978-5262 Fax: (11) 6971-3115 ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
