On Tue, 2003-03-04 at 13:47, Alan DeKok wrote: > > In this hypothetical case, would it be feasible for a user to present > > the same cookie to a different WWW server, which could then attempt to > > authenticate the user by passing the cookie to the remote RADIUS > > server? (ie. thereby avoiding the need for the user to present his > > credentials again - the idea being to enable single sign-on). > > > > Is this idea crack-pot or simply brain-dead? > > It's a hack, but I see reason why it wouldn't work.
You think this is a hack? You should read the Project Liberty or M$ Passport specs :-) josh. -- ----------------------------------------------------------- Josh Howlett, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] ------------------------------------------------------------ --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
