"Dr. Greg Wettstein" wrote: > > On Jan 29, 8:45am, "Douglas E. Engert" wrote: > } Subject: Re: Kerberos vs. LDAP for authentication -- any opinions? > > > Many of the Browser issues can be addressed by Kx509 from the > > Univrsity of Michigan. It can obtain a short term X509 certificate > > using Kerberos for authenticaiton. The certificate and key are then > > stored so the browser can use it with SSL to any web server. It works > > with IE and Netscape on Windows. It runs on UNIX and Mac as well. > > http://www.citi.umich.edu/projects/kerb_pki/ > > Didn't Whit Diffey file a patent which covered the concept of using > short-term certificates as authentication brokers? > > If so does the Kx509 stuff have some sort of divine absolution with > respect to it?
The University of Michigan would need to answer the question. How short is short? The kx509 is just a CA that issues certificates based on being authenticated via Kerberos. The lifetime of the certificate could be for a day, or even a year. > > }-- End of excerpt from "Douglas E. Engert" > > As always, > Dr. G.W. Wettstein, Ph.D. Enjellic Systems Development, LLC. > 4206 N. 19th Ave. Specializing in information infra-structure > Fargo, ND 58102 development. > PH: 701-281-1686 > FAX: 701-281-3949 EMAIL: [EMAIL PROTECTED] > ------------------------------------------------------------------------------ > "Don't worry about people stealing your ideas. If your ideas are any > good, you'll have to ram them down people's throats." > -- Howard Aiken -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
