[EMAIL PROTECTED] (paul b) wrote in message news:<[EMAIL PROTECTED]>... > Hello, > I am currently developping a "web single signon"-system and I am > thinking about using Kerberos for this propose > [snip] > > Perhaps someone can tell me if Kerberos is really a good solution for > web-single signon(and fully transparent to end-users) or if there are > more simple possiblities like for example installing a "reverse > proxy"? >
I was wondering the same thing. In fact I started a simular thread a little while ago. The short answer is no, not really. And the reason is, HTTP is a stateless protocol. You would need to generate a new authenticator for each and every connection. Kerberos kind of assumes that once a session is started the connection is persistant. See UWash's pubcookie (http://www.pubcookie.org/) or Stanford's WebAuth (http://webauthv3.stanford.edu/) for examples of WebISO solutions. Christopher Kranz [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
