Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

Kerberos FAQ, v2.0 (last modified 8/18/2000)
Section - 3.9. Is there any way to do Kerberos authentication across the WWW?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Forum ]


Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 3.8. How do I use Kerberos telnet/rlogin to connect to a system as a userid other than my current one?
Next Document: 3.10. Is there a way to use Kerberos to authenticate my X windows connections? I tried compiling the Kerberos support in X, but it
See reader questions & answers on this topic! - Help others by sharing your knowledge
There was code in some versions of NCSA httpd 1.5 and Mosaic 2.7beta to do
Kerberos authentication. Unfortunately this was non-standard and was not
carried forward into any modern software.

There are a number of ways to provide Kerberos password verification over an
SSL-protected pipe, but be aware that these schemes all are fraught with a
number of serious security problems. Nevertheless, you can find one example
of a module at:

   * <http://stonecold.unity.ncsu.edu/software/mod_auth_kerb/index.html>

The CyberSafe TrustBroker SSO/Web product provides a way to do Kerberos
authentication over the web. For more information, look at:

   * <http://www.cybersafe.com/solutions/trustbroker.html>

Probably the best protocol to use for this is the Kerberos Cipher Suites for
TLS, which is documented in IETF RFC 2712:

   * <http://www.ietf.org/rfc/rfc2712.txt>

An open-source implementation of this, called KSSL, can be found at
SourceForge:

   * <http://sourceforge.net/projects/kssl/>

User Contributions:

Comment about this article, ask questions, or add new information about this topic: