[6594] in Kerberos
Re: Authentication Only ?
daemon@ATHENA.MIT.EDU (Jonathan Kamens)
Sun Feb 4 14:54:27 1996
To: kerberos@MIT.EDU
Date: 4 Feb 1996 18:56:19 GMT
From: jik@annex-1-slip-jik.cam.ov.com (Jonathan Kamens)

In article <199602022050.PAA24912@odin.INS.CWRU.Edu>, trier@odin.INS.CWRU.Edu. (Stephen C. Trier) writes:
|> Put a proxy server on every client machine. Make this server accept
|> connections only on the loopback address. It accepts (nominally)
|> insecure connections from a local client, then does Secure, Real
|> Kerberos Authentication(tm) to a Kerberos-aware HTTP server on the net.

I implemented a prototype of something like this to secure Sybase
client/server communications several years ago for OpenVision (well, then I
was working for Geer Zolot Associates, but we got bought out). I even wrote a
paper about it, which goes into some detail about the process and the relative
costs. See:

Kamens, Jonathan, "Retrofitting network security to third-party applications
--- the SecureBase experience". Proceedings of the UNIX Security Symposium
IV, Santa Clara, California, 1993.