[19048] in Kerberos
Re: Web auth
daemon@ATHENA.MIT.EDU (Luke Howard)
Fri Apr 11 22:35:15 2003
From: Luke Howard <lukeh@PADL.COM>
Message-Id: <200304120234.MAA43634@au.padl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
To: joeycollins@charter.net
Date: Sat, 12 Apr 2003 12:34:10 +1000
cc: s.zdrojewski@neticon.it
cc: kerberos@mit.edu
Reply-To: lukeh@PADL.COM
Errors-To: kerberos-bounces@mit.edu
If the machine on which the web browser is running is joined to a
domain, you can do SPNEGO HTTP authentication (providing both the
browser and server support it, of course). See:
http://www.ietf.org/internet-drafts/draft-brezak-spnego-http-04.txt
Also, in Windows 2003, there is support for "protocol transitions"
that allow services to acquire Kerberos credentials on behalf of
a user without requiring initial authentication. It will be
interesting to see whether Microsoft document these extensions...
-- Luke
--
Luke Howard | PADL Software Pty Ltd | www.padl.com
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
