[7206] in Kerberos
Re: Kerberos and JAVA
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu May 2 23:59:54 1996
To: Doug Engert <DEEngert@anl.gov>
Cc: Sam Hartman <hartmans@MIT.EDU>, dennis.glatting@plaintalk.bellevue.wa.us,
jwk3@acpub.duke.edu (Jay Kamm), kerberos@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 02 May 1996 23:42:20 -0400
In-Reply-To: Doug Engert's message of Thu, 2 May 1996 16:42:20 -0500
>>>>> "Doug" == Doug Engert <DEEngert@anl.gov> writes:
Doug> Sam Hartman writes:
>> Without getting into specific issues involved in the design of
>> this scheme, you are basically admitting my point: you need
>> security hooks inside the native code on the user's computer
>> for security to work. I would prefer some sort of fully
>> functional system--Kerberos within an organization large enough
>> to justify it, some sort of public key system for
>> consumers--than an over simplistic approach that allows me to
>> download security-related class files.
Doug> Gradient is now selling their WebCrusader product, which
Doug> among other things uses a "proxy" agent running on the same
Doug> machine as your favorite browser. The browser sends all of
Doug> its requests to the proxy.
Doing this right and making sure that source routing and other
issues don't create potential problems is hard on some operating
systems. (This is not to say it hasn't been done, just that people
should make sure they know what the issues are before trying to design
a similar product.)
Doug> So your "fully functional system--Kerberos within an
Doug> organization large enough to justify it", including secure
Doug> web access, is almost a reality.
Agreed. Another promising options may be jgss, the Java
GSSAPI. I noticed that the license was for non-comercial use, so I
need to contact the author and see if I would be tainted by looking at
the source code. I want to play around with it now just for fun, and
to test against the latest Kerberos V5 GSSAPI libraries, but may need
to implement something similar in a comercial setting after leaving
MIT or over a summer job.
Doug> Douglas E. Engert Systems Programming Argonne
Doug> National Laboratory 9700 South Cass Avenue Argonne, Illinois
Doug> 60439 (708) 252-5444
Doug> Internet: DEEngert@anl.gov
