I am interested in building a system (similar to Microsoft's .Net My Services) that is a family of web services that clients authenticate against using Kerberos. The idea is to have clients hit the KDC via SOAP calls over SSL and get the ticket. Then they ask the KDC for a ticket to communicate with a specific web service. Once I have that, I should be able to encrypt all SOAP messages to the web service and just pass the username.
But this doesn't seem to fit into the idea of how Kerberos authentication works. Is anyone doing Kerberos authentication via SOAP calls? What do people recommend for an authentication mechanism for a family of web services? thanks. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
