3.9. Is there any way to do Kerberos authentication across the WWW?

There was code in some versions of NCSA httpd 1.5 and Mosaic 2.7beta to do
Kerberos authentication. Unfortunately this was non-standard and was not
carried forward into any modern software.

There are a number of ways to provide Kerberos password verification over an
SSL-protected pipe, but be aware that these schemes all are fraught with a
number of serious security problems. Nevertheless, you can find one example
of a module at:

   * <http://stonecold.unity.ncsu.edu/software/mod_auth_kerb/index.html>

The CyberSafe TrustBroker SSO/Web product provides a way to do Kerberos
authentication over the web. For more information, look at:

   * <http://www.cybersafe.com/solutions/trustbroker.html>

Probably the best protocol to use for this is the Kerberos Cipher Suites for
TLS, which is documented in IETF RFC 2712:

   * <http://www.ietf.org/rfc/rfc2712.txt>

An open-source implementation of this, called KSSL, can be found at
SourceForge:

   * <http://sourceforge.net/projects/kssl/>

Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 3.8. How do I use Kerberos telnet/rlogin to connect to a system as a userid other than my current one?
Next Document: 3.10. Is there a way to use Kerberos to authenticate my X windows connections? I tried compiling the Kerberos support in X, but it

Single Page

[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>

Last Update September 07 2008 @ 00:11 AM