Hi, I'm trying to implement Kerberos5 authentication in our web based application. I have question about the security now. Our's is a java/jsp application with 3-tiered architecture. The Application server is tomcat. If we have the users supplying their username & password from the browser how does the security be handled? Because I guess the kerberos authentication code is running off of the webserver and the authentication would be done between the Application/web server & the ADS only. But what happens when sending the password from the browser to the web server through post method? Are there any additional security measures to be implemented between the Client & the webserver ? Please help me as I'm fairly new to this.
Thank you in anticipation, R.Bajaj __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
