[19530] in Kerberos
Re: GSSAPI x Kerberos
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Wed Jul 9 09:57:40 2003
Message-ID: <3F0C1CF2.23F822ED@anl.gov>
Date: Wed, 09 Jul 2003 08:47:30 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: silvio@gdora.com.br
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
silvio@gdora.com.br wrote:
>
> Hello,
>
> I'm starting to implement Kerberos support on a application, but I don't know
> if I should implement using the GSSAPI or the Kerberos API... What is the
> best/worse of them? Is there any "official" recomendation about that?
GSSAPI unless there are special requirements.
>
> The other problem I'll have to solve is to implement the authentication over
> HTTP, any suggestions?
Look at the kx509 from the University of Michigan. It uses Kerberos authentication
to obtain a short term certificate. This certificate can then be used by IE or Netscape.
You then use the standard SSL in the browsers and web servers.
The client can run on any Unix, Mac or Windows.
See: http://www.citi.umich.edu/projects/kerb_pki/
>
> Thanks in advance,
>
> Silvio Fonseca
> -------------------------------------------------
> Relato Consultoria de Informática
> Rua Mto. João Gomes de Araújo, 106 cj. 42
> Alto de Santana - São Paulo - SP
> Telefones: (11) 6978-5253 / (11) 6978-5262
> Fax: (11) 6971-3115
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
