[7195] in Kerberos
Re: Kerberos and JAVA
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu May 2 11:52:33 1996
To: deinc@ibm.net (DeScribe)
Cc: Inc.@MIT.EDU, kerberos@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 02 May 1996 11:30:14 -0400
In-Reply-To: deinc@ibm.net's message of 2 May 1996 02:20:55 GMT
>>>>> "DeScribe," == DeScribe, Inc <deinc@ibm.net> writes:
DeScribe,> This may be a closed loop situation with no practical
DeScribe,> answer other than to require the user to load "native
DeScribe,> code" on the workstation. If that is the only way
DeScribe,> kerberos can be implemented for JAVA, its widespread
DeScribe,> acceptance will be limited for Web apps.
DeScribe,> Could I get some comments?
It's going to be a hot day on the ninth circle of hell before
I start typing Kerberos passwords into some Java applet I download
off the net.
Seriously, I don't think trusting code downloaded off someone
else's web page for security is reasonable in many circumstances. I
don't think Kerberos is intended as a general security solution for
the web; it requires the user to have some pre-existing principal in
some realm and cannot provide a way of securely establishing this
initial principal without making additional assumptions. However,
Kerberos does provide a reasonable model for web pages within an
organization. A Java class including native methods for authentication
can be installed on each client workstation and then applets can use
this class to establish authenticated connections with web pages.
DeScribe,> Jim Lennane