On Fri, Oct 09, 2015 at 10:47:40AM +0000, Edward Ned Harvey (lopser) wrote:
> OMG, how do you think it has the password, if the password was never
> sent? It was sent in a previous session.
Not necessarily. The Kerberos password might have been set by the realm admin and handed to the end user on a post-it note. It might have been set directly on a secure terminal connected to a KDC in the security officer's office. It really depends on the security policy of the Kerberos admins.

The point is: The password is never sent to the untrusted web server. Barring some implementation-specific instances, it's never sent to the KDCs.

The reason why I think that Brandon and I are really pushing this concept is that this is pretty well-established crypto. It works really well. It has its downsides -- and I think if I were arguing for your position, I'd be familiar enough with the state of the art to be able to voice a problem with using SPNEGO.

Here's one: Using SPNEGO requires that the remote service have its own Kerberos infrastructure set up, either in the same realm as the user, or with two realms that allow cross-realm trust. I can see it working fine for an enterprise environment (particularly with AD), but Joe End User is most likely not in a realm by default. Perhaps you could use something like OpenID or Shibboleth, where the endpoint is authenticated with SPNEGO, but it's still going to require some complexity that has a steep learning curve for the general user.

-- 
Jonathan Billings <billi...@negate.org>

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/