> > My personal recommendation for webauth right now seems to be supporting > > both gssapi negotiate and pubcookie. I'd prefer a stronger solution > > than gssapi negotiate. The HTTP SASL draft is being last called, so > > perhaps we'll get our wish. > > I would love it if all cookie-based Kerberos authentication mechanisms > would go the way of the dodo because real SASL support showed up in HTTP > servers and clients. The client part is going to be the hard bit, but I > would love it if WebAuth became obsolete because my Mozilla just spoke > Kerberos all by itself.
Sorry to jump in late here but.. Is the clientside solution fundamentally flawed in the extranet sense? I was under the impression that the client workstation had to be logged into the same domain as the server.. ie. If a web user was logged into the ACME domain from their ACME workstation then they can't come to my site and use SPNEGO (or SASL?) protocol to login into my website authenticated against the BAMBI domain? I hope I am completely wrong of course!! Damon. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
