At U-M we are trying to get away from prompting users for passwords for 
access to secured web pages.  Most of our services use Kerberos (or 
Kerberos passwords anyway...).  We have developed a Kerberized 
Certificate Authority which uses Kerberos for authentication and then 
issues the client a short-term X.509 certificate that is used for web 
authentication.  So this is really a PKi (small "i") solution that uses 
Kerberos as the initial authentication mechanism, eliminating the need 
for web servers to prompt for passwords.


See http://www.citi.umich.edu/projects/kerb_pki for a description and a 
snapshot of the code (still in progress).

K.C.

> Are there any commercially available Kerberos-based authentication
> products for the web? I know Microsoft is doing something with
> Passport - but that's still all fuzzy and they are doing it in typical
> MS-fashion, doing it all their way, or so I hear.
> 
> Any suggestions or recommendations on products that offer website
> authentication - username/password, smartcard and a combination..?
> 
> TIA
> 

