[6571] in Kerberos
Re: Authentication Only ?
daemon@ATHENA.MIT.EDU (Donald T. Davis)
Fri Feb 2 12:38:21 1996
To: choward@staff1.lib.iastate.edu (Chris Howard)
Cc: kerberos@MIT.EDU, www-kerberos@lists.Stanford.EDU
In-Reply-To: Your message of "01 Feb 1996 19:38:43 GMT."
<4er4s3$lum@news.iastate.edu>
Date: Fri, 02 Feb 1996 12:23:03 -0500
From: "Donald T. Davis" <don@cam.ov.com>
iowa state's chris howard wrote:
> Is there some way we can use Kerberos only for [web] authentication?
> We don't want to require that users have a Kerberos enabled browser
> (because there aren't any for PC or Mac).
mr. howard,
i'm sorry to tell you that you can't use krb
without krb clients, and you can't use it
without tickets in any secure way. but, you
can ignore the encryption keys, once you've
authenticated the user, if you really want to.
there is a kerberos-capable mosaic browser
& server; you should contact adam cain. i've
appended a message from him, about a web-site
and a mailing-list pertaining to his kerberized
web stuff.
i don't know whether his code supports pc's
and macs, but given that freeware krb for
win95 & nt just became available from u. mich,
i expect that cain's code will support those
operating systems soon. krb for windows has
been out for a while. i've appended umich's
announcement, below cain's.
-don davis, boston
former athena staff
------------------------------------------------------------------
Date: Tue, 27 Jun 95 14:35:48 CDT
From: acain@ncsa.uiuc.edu (Adam Douglas Cain)
To: www-kerberos@lists.Stanford.EDU
Subject: new kerberized web page (pseudo-FAQ)
Hello WWW-Kerberosees!
I've updated the web page describing the nature, history and status of the
Web Kerberization work. It can be found at
http://snapple.ncsa.uiuc.edu/adam/khttp/intro.html
Perhaps this page, along with the few pages it points to, could be put on
the www-kerberos archive.
Please let me know if you have any suggestions or new info for this page.
Adam
-------------------------------------------------------------------
To: kerberos@MIT.EDU
Date: Tue, 30 Jan 96 17:31:36 GMT
From: kerb95@umich.edu
Organization: University of Michigan - ITD
Subject: Announcing an implementation of Kerberos for Windows95/NT
Hello,
There is now available for anonymous FTP an implementation of
Kerberos for Windows 95 and NT.
You may obtain the beta DLLs, LIBs, header files, and unfinished
documentation (postscript), along with a ticket manager (also beta)
from us via the following URL:
ftp://terminator.rs.itd.umich.edu/win/Kerb95
The source will be made available once the final release has been
issued.
This implementation of Kerberos does not follow the MIT API, nor
does it use any of of the MIT source. It is strictly Win32 code that
takes advantage of Win32 features found in Windows 95 and NT. (Win32s
on Windows 3.1, 3.11, and 3.11WFG is not supported.)
Here is a short list of features:
Uses the Windows Registry for Kerberos information.
Allows multiple identities to be used simultaneously.
Supports password changing.
Allows selective deletion of tickets.
The ticket cache is kept in a memory mapped file and not
stored on disk.
'Canned' dialogs that applications may use for authentication,
password changing, and host/realm modifications.
Unicode and ASCII versions of each API call that takes a string
parameter.
Also the API calls have a version parameter to specify which version
of Kerberos to use. But at this time only Kerberos version 4 is
recognized. Version 5 support will be added later.
To insure that the final release is complete, we would like to hear
comments on this API. Please feel free to send them to
kerb95@umich.edu.
Thank You.
