[14] in WWW Security List Archive
Re: Kerberos authentication for X-Mosaic 2.4 and NCSA HTTPD
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Sun Aug 14 19:07:40 1994
To: www-security@ns1.rutgers.edu
Date: Sun, 14 Aug 1994 16:22:52 EDT
From: Marc Horowitz <marc@MIT.EDU>
I've just joined the list, so I apologize if this has been gone over
before. I also apologize ahead of time for appearing somewhat
presumptions; this message will sound that way.
One of the things which really bothered me about the Secure-HTTP
document when I read it was the complete lack of reference to existing
work in the area of generalizing security access. In particular, the
Internet Engineering Task Force has standardized on an API called
GSS-API which is a standard API for accessing an arbitrary
authentication protocol. It's currently intended for real-time
authentication, but store-and-forward semantics are being worked on.
GSS-API has been specified for FTP, IMAP, and POP. There is an
existing implementation for kerberos v5, and specifications which
cover x.509 and pem.
Before you all go out and reinvent the wheel, I think it would be
productive for people to go out and read the following documents:
ftp://ftp.internic.net/rfc/rfc1508.txt
ftp://ftp.internic.net/rfc/rfc1509.txt
ftp://ftp.internic.net/internet-drafts/draft-ietf-cat-kerb5gss-01.txt
ftp://ftp.internic.net/internet-drafts/draft-ietf-spkmgss-00.txt
ftp://ftp.internic.net/internet-drafts/draft-ietf-cat-ftpsec-05.txt
Have a nice day :-)
Marc
