[6576] in Kerberos

Re: Authentication Only ?

daemon@ATHENA.MIT.EDU (Stephen C. Trier)
Fri Feb 2 16:05:37 1996

From: trier@odin.INS.CWRU.Edu. (Stephen C. Trier)
Date: Fri, 2 Feb 1996 15:50:28 +0000
In-Reply-To: Jon Roma <roma@uiuc.edu>
       "Re: Authentication Only ?" (Feb  2,  1:43pm)
To: Jon Roma <roma@uiuc.edu>, kerberos@MIT.EDU

OK, there's another technique I've thought about.  This one is ugly,
though:

Put a proxy server on every client machine.  Make this server accept
connections only on the loopback address.  It accepts (nominally)
insecure connections from a local client, then does Secure, Real
Kerberos Authentication(tm) to a Kerberos-aware HTTP server on the net.

This would be slower than a direct connection because of the extra data
copies, but it would satisfy those who don't like seeing plaintext
passwords on the net.  Since the insecure connection is made on the
loopback interface, plaintext passwords, if any, would not leave the
machine.

Implementation is left as an exercise for the reader.  :-)  If anyone
writes or knows of a kerberizing proxy server like this, I'd love a
copy...

	      Stephen


-- 
Stephen Trier
trier@ins.cwru.edu
KG8IH
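
Added example, not part of the original post or any existing project: a sketch in Python of the loopback-only proxy described above, which refuses to listen on a non-loopback address, discards any credentials the local client sent, and attaches its own token before forwarding. Assumptions: the names `make_proxy` and `get_token` are hypothetical, the token would in practice come from a Kerberos/GSSAPI context, the upstream server is assumed to accept it in an `Authorization: Negotiate` header, and only GET is handled.

```python
import base64
import http.client
import ipaddress
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def make_proxy(upstream, get_token, bind="127.0.0.1", port=0):
    """Loopback-only proxy that authenticates to `upstream` for local clients.

    upstream: (host, port) of the Kerberos-aware HTTP server.
    get_token: hypothetical callable returning the raw token bytes for that
    server; a real deployment would obtain them from a Kerberos/GSSAPI context.
    """
    # Refuse any listen address that is reachable from off the machine.
    if not ipaddress.ip_address(bind).is_loopback:
        raise ValueError("proxy must listen on a loopback address only")

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            # Drop hop-specific headers and any credentials the client sent;
            # only the proxy's own token goes out on the network.
            drop = ("authorization", "host", "connection")
            headers = {k: v for k, v in self.headers.items() if k.lower() not in drop}
            token = base64.b64encode(get_token()).decode("ascii")
            headers["Authorization"] = "Negotiate " + token  # assumed scheme
            conn = http.client.HTTPConnection(*upstream, timeout=10)
            try:
                conn.request("GET", self.path, headers=headers)
                resp = conn.getresponse()
                body = resp.read()
            except (OSError, http.client.HTTPException):
                self.send_error(502, "upstream unreachable")
                return
            finally:
                conn.close()
            self.send_response(resp.status)
            ctype = resp.getheader("Content-Type", "application/octet-stream")
            self.send_header("Content-Type", ctype)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the example quiet
            pass

    return ThreadingHTTPServer((bind, port), Handler)
```

On a multi-user host the loopback address is reachable by every local account, so a proxy like this should also restrict which local users it serves.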