There is work in progress to add a mozilla "extension" that properly supports the IE/IIS "negotiate" mechanism, either with SPNEGO or with GSS/krb5 (either will work with IIS).
Rightly or wrongly, customers want this support and they want it without having to use IE. The mozilla codebase allows for extensions such as this to be added (or deleted) pretty easily, so in the future, if HTTP-SASL becomes a reality, it can be supported easily, likewise krb5-tls. See this Mozilla bug report for the gory details: http://bugzilla.mozilla.org/show_bug.cgi?id=17578 If there is to be any hope for a better solution, it will have to be made available for both the servers (apache, et al), and browsers (mozilla, safari, etc) and the public will need to be educated as to why this is a superior approach. Of course, it would also help if Microsoft would adopt it in IIS and/or IE. -Wyllys On Fri, 2003-12-05 at 12:58, Sam Hartman wrote: > >>>>> "Tim" == Tim Alsop <[EMAIL PROTECTED]> writes: > > > Tim> If will be useful, if in the future this submission gets > Tim> taken by somebody, improved and progressed through IETF. > > It will not. The HTTP and GSSAPI communities have both made it very > clear that the approach is not generally acceptable. > > Please look at draft-nystrom-http-sasl-09.txt for an example of > something going more in a direction that might progress within the > IETF. > > Also, there is krb5 TLS, which is an RFC, but also has problems. > > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Wyllys Ingersoll <[EMAIL PROTECTED]> ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
