[6593] in Kerberos
Re: Authentication Only ?
daemon@ATHENA.MIT.EDU (Jonathan Kamens)
Sun Feb 4 14:51:48 1996
To: kerberos@MIT.EDU
Date: 4 Feb 1996 18:57:12 GMT
From: jik@annex-1-slip-jik.cam.ov.com (Jonathan Kamens)
In article <4f03af$aes@news.duke.edu>, mg@ac.duke.edu (Michael Grubb) writes:
|> Depending on your environment, the user community may be willing to
|> trust a single, trustworthy web authentication service managed by the
|> same people managing the KDC.
Trusting the web authentication service isn't the problem. Trusting all the
people who can put snoopers on the wire and capture your password as you're
sending it *to* the web authentication service is the problem.
