Date: Sat, 8 Dec 2001 15:44:41 +0000
From: j mckitrick <jcm@FreeBSD-uk.eu.org>
To: "Jason C. Wells" <jcwells@highperformance.net>
Cc: freebsd-chat@FreeBSD.ORG
Subject: Re: Can someone explain the Passport/Kerberos connection?
Message-ID: <20011208154441.A61548@dogma.freebsd-uk.eu.org>
In-Reply-To: <Pine.BSF.4.21.0112070845570.23467-100000@server.highperformance.net>; from jcwells@highperformance.net on Fri, Dec 07, 2001 at 08:53:41AM -0800
References: <20011207161949.B48707@dogma.freebsd-uk.eu.org> <Pine.BSF.4.21.0112070845570.23467-100000@server.highperformance.net>

On Fri, Dec 07, 2001 at 08:53:41AM -0800, Jason C. Wells wrote:
| On Fri, 7 Dec 2001, j mckitrick wrote:
|
| > I have a basic understanding how Kerberos works, with tickets,
| > encryption, and authentication. I guess my real question is how is this
| > implemented in http? How does Passport use it to lock an identity to
| > one session on a browser somewhere?
|
| Got a URL? I am slowly working on my Kerberos knowledge these days.
|
| I would venture that it is just like any other kerberized app except that
| it somehow supports the non-persistent http connection. It might use the
| tickets to reauthenticate with each new GET or it might put an expiration
| time on a session. One would be more secure. The latter would use less
| overhead.

I don't have any specific URL for the info. I've just gleaned the info
from various articles I've read. If it is so critical that a browser
session be bound to a certain Passport identity for security reasons, it
seems to be something more than cookies would be called for. Unless
cookies are more flexible and secure than I realize.

jm
--
My other computer is your windows box.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
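
The second option raised in the quoted reply (an expiration time on a session), as an added example that is not part of the original message and does not describe how Passport itself works: a cookie that binds an identity and an expiry time under an HMAC, so the server can check each GET without repeating the ticket exchange. The key, function names, identity and timestamps are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed server-side secret for this example; a real server would
# generate it randomly and keep it out of source code.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _tag(payload: str) -> bytes:
    return hmac.new(SERVER_KEY, payload.encode("ascii"), hashlib.sha256).digest()


def issue_cookie(identity: str, ttl: int, now: Optional[int] = None) -> str:
    """Issue 'payload.tag' once the user has authenticated (e.g. via a ticket)."""
    now = int(time.time()) if now is None else now
    payload = _b64(f"{identity}|{now + ttl}".encode("utf-8"))
    return f"{payload}.{_b64(_tag(payload))}"


def verify_cookie(cookie: str, now: Optional[int] = None) -> Optional[str]:
    """Return the bound identity if the cookie is authentic and unexpired."""
    now = int(time.time()) if now is None else now
    try:
        payload, tag_b64 = cookie.split(".")
        tag = base64.urlsafe_b64decode(tag_b64)
        # Constant-time check, done before the payload is parsed or trusted.
        if not hmac.compare_digest(tag, _tag(payload)):
            return None
        decoded = base64.urlsafe_b64decode(payload).decode("utf-8")
        identity, expires = decoded.rsplit("|", 1)
        if now >= int(expires):
            return None  # session expired: force a fresh authentication
        return identity
    except (ValueError, UnicodeError):
        return None  # malformed cookie
```

The HMAC stops a client from editing the identity or extending the expiry, but the cookie is still a bearer token: anyone who captures it can replay it until it expires, so it has to travel over TLS and the lifetime should be short.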