[7196] in Kerberos


Kerberos and JAVA

daemon@ATHENA.MIT.EDU (Doug Engert)
Thu May 2 12:13:14 1996

Date: Thu, 2 May 1996 11:02:04 -0500
From: Doug Engert <DEEngert@anl.gov>
To: deinc@ibm.net (DeScribe, Inc.)
Cc: kerberos@MIT.EDU
In-Reply-To: <4m9667$3l9a@news-s01.ny.us.ibm.net>

Inc. DeScribe writes:
 > We are very interested in using Kerberos but are also concerned about our need 
 > to implement it in a JAVA application at the end user's "client" workstation. 
 > Users prefer not to have to download software "JAVA Applications" just to 
 > access someone's Web page. Since a JAVA applet (vs an application) is loaded 
 > as part of the Web page "get", Kerberos looks very attractive if it were 
 > available as a JAVA Applet.

The first question I have is why should the user trust the JAVA
application? If it downloads the Kerberos code, and asks for your
password, it could just as well be a trojan horse. 

One of the strengths of Kerberos is mutual authentication. This
requires the user to trust the "kinit" code to which he gives his
password. 

I agree with Jay Kamm that the Kerberos code needs to be on the user's
workstation to start with.  The user may well want to only run JAVA
applets from trusted servers. This is where Kerberos on the workstation
would pay off.

           Douglas E. Engert
           Systems Programming
           Argonne National Laboratory
           9700 South Cass Avenue
           Argonne, Illinois  60439 
           (708) 252-5444

           Internet: DEEngert@anl.gov
