On Mon, Jul 08, 2002 at 08:04:21AM -0700, jeremy redburn wrote:
> I am interested in building a system (similar to Microsoft's .Net My
> Services) that is a family of web services that clients authenticate
> against using Kerberos. The idea is to have clients hit the KDC via
> SOAP calls over SSL and get the ticket. Then they ask the KDC for a
> ticket to communicate with a specific web service. Once I have that, I
> should be able to encrypt all SOAP messages to the web service and
> just pass the username.

Tunnelling KDC exchanges over SSL-encrypted SOAP? Sounds like a protocol that Intel would love. ;)

I believe that any efforts to tunnel Kerberos over SOAP (as opposed to using Kerberos to authenticate SOAP) are misguided in the extreme. I think SOAP itself is rather misguided to begin with, albeit somewhat less so; but any attempt to implement a security architecture by working around the existing deployed security infrastructure, rather than with its implementors, seems certain to fail.

Steve Langasek
postmodern programmer
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos