[6581] in Kerberos
Follow-up - Authentication Only ?
daemon@ATHENA.MIT.EDU (Chris Howard)
Fri Feb 2 19:11:21 1996
To: kerberos@MIT.EDU
Date: 2 Feb 1996 20:06:09 GMT
From: choward@staff1.lib.iastate.edu (Chris Howard)
Thanks to all who responded to my query.
(It appears that my posting was forwarded to the
Kerberos mailing list automatically, since many of the
replys came back through that channel. Unfortunately,
those replys haven't appeared on the newsgroup, at least
not at this site.)
trier@odin.INS.CWRU.Edu. (Stephen C. Trier) Responded
that yes, it was possible to use Kerberos as an authorization
service. Kind of like a fancy shadow-password system, he
comments. That was exactly the information I was looking for.
Of course, that throws away part of the reason why we have
Kerberos here in the first place, the ability to hide
usernames and passwords. But the alternatives aren't to
good either:
1) continue with IP address authentication only, not
allowing access from outside our local sub-net
2) set up a separate username/password system for our
web system
3) require all users to obtain a Kerberos aware web browser
I haven't decided yet which route to take.
Everette_Allen@ncsu.edu (Everette Gray Allen) Responded
to the situation with a hopeful posting. Maybe a plug-in
Kerberos module will become available for the existing
Netscape users. That would be very sweet, particularly
if we could allow users to download it directly from our
web site (or from some other web site we could reference).
Thanks for all your comments,
Chris.
--
Chris Howard
Iowa State University Library -- Automated Systems Division
choward@iastate.edu
