From owner-freebsd-chat Fri Dec 7 8:55: 8 2001
Delivered-To: freebsd-chat@freebsd.org
Received: from server.highperformance.net (ip31.gte4.rb1.bel.nwlink.com [209.20.215.31])
	by hub.freebsd.org (Postfix) with ESMTP id 1866037B405
	for ; Fri, 7 Dec 2001 08:55:03 -0800 (PST)
Received: from localhost (jcw@localhost)
	by server.highperformance.net (8.11.6/8.11.3) with ESMTP id fB7Grfh23480;
	Fri, 7 Dec 2001 08:53:41 -0800 (PST)
	(envelope-from jcwells@highperformance.net)
X-Authentication-Warning: server.highperformance.net: jcw owned process doing -bs
Date: Fri, 7 Dec 2001 08:53:41 -0800 (PST)
From: "Jason C. Wells"
X-Sender: jcw@server.highperformance.net
To: j mckitrick
Cc: freebsd-chat@FreeBSD.ORG
Subject: Re: Can someone explain the Passport/Kerberos connection?
In-Reply-To: <20011207161949.B48707@dogma.freebsd-uk.eu.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Fri, 7 Dec 2001, j mckitrick wrote:

> I have a basic understanding how Kerberos works, with tickets,
> encryption, and authentication. I guess my real question is how is this
> implemented in http? How does Passport use it to lock an identity to
> one session on a browser somewhere?

Got a URL? I am slowly working on my Kerberos knowledge these days.

I would venture that it is just like any other kerberized app except that
it somehow supports the non-persistent http connection. It might use the
tickets to reauthenticate with each new GET or it might put an expiration
time on a session. One would be more secure. The latter would use less
overhead.

I would also guess that Kerberos is used for authentication only since SSL
is well supported for encrypting network traffic in web servers.

Later,
Jason C. Wells

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message