--On November 17, 2005 6:49:22 AM +0000 Jeffrey Altman
<[EMAIL PROTECTED]> wrote:
The CITI group at UMichigan also has a project that allows you to
use a Kerberos service ticket to obtain an X.509 certificate with
the same lifetime as the Kerberos ticket.
Assuming I'm thinking of the same project, this is called "KX.509". We
worked with it extensively here at Penn, hoping to make it our new standard
for web-based authentication.
We made considerable progress and submitted our patches back to Michigan,
but we never deployed into production because there isn't enough browser
support for client-side X.509 certificates. For non-web applications, this
might be more suitable.
Mark
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
