"Michael B Allen" <[EMAIL PROTECTED]> writes: > If you read the whole thread you'd know I'm only talking about the > *IntrAnet* scenario. With SPNEGO you do not type in a passwords at all > whereas with WebAuth you might need to.
You're making a bogus comparison. If you don't have to type in passwords with SPNEGO Negotiate-Auth, you don't have to type in passwords with WebAuth either; it can use SPNEGO Negotiate-Auth for initial authentication. In the Negotiate-Auth case, the password handling is exactly the same, which one would expect given that it's using exactly the same protocol and mechanism. (Cosign I think requires the ticket cache on the central login server, so does introduce the twist of delegation.) The difference does not lie in SPNEGO handling; it lies in the architectural complexity, in what the fallback looks like when Negotiate-Auth doesn't work, and in the delegation and authentication persistance model. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
