From owner-freebsd-chat Fri Dec 7 8:51:52 2001 Delivered-To: freebsd-chat@freebsd.org Received: from alive.znep.com (sense-sea-MegaSub-1-448.oz.net [216.39.145.194]) by hub.freebsd.org (Postfix) with ESMTP id DBA0D37B417 for ; Fri, 7 Dec 2001 08:51:49 -0800 (PST) Received: from localhost (marcs@localhost) by alive.znep.com (8.9.3/8.9.3) with ESMTP id IAA37166; Fri, 7 Dec 2001 08:50:30 -0800 (PST) (envelope-from marcs@znep.com) Date: Fri, 7 Dec 2001 08:50:30 -0800 (PST) From: Marc Slemko To: j mckitrick Cc: freebsd-chat@FreeBSD.ORG Subject: Re: Can someone explain the Passport/Kerberos connection? In-Reply-To: <20011207161949.B48707@dogma.freebsd-uk.eu.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 7 Dec 2001, j mckitrick wrote: > > I have a basic understanding how Kerberos works, with tickets, > encryption, and authentication. I guess my real question is how is this > implemented in http? How does Passport use it to lock an identity to > one session on a browser somewhere? Passport doesn't use it AFAIK. Normally, Passport just uses cookies. With IE6 and WinXP, it uses "Passport authentication", which isn't publicly documented AFAIK but I'm pretty sure it isn't kerberos based. It may be NTLM based. One of the many promises Microsoft has made is that they will move Passport to using kerberos. But that is just vapor right now AFAIK. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message