Re: mod_auth_kerb and Heimdal KDC

[Brian May <bam@snoopy.apana.org.au>]

On Wed, Aug 21, 2002 at 08:20:30AM -0600, Tillman Hodgson wrote:
> Yes, that's the module that I'm using as well. Their patches for Mozilla
> and Apache look seriously interesting ... much better than the "dump the
> login page onto SSL" approach.

While this is somewhat off-topic, I just thought I would mention
that Telstra (telecommunications carrier here) use to use digital
certificates for authenticating users to their online payment service.
It is quite sophesticated too (I still have my certificate), as it
allows users to create additional certificates for additional computers,
delegate rights to other people, etc.

Now they have got decided to phase it out of use (they recommend
anyone with a digital certificate replace it with a username/password
combination, and want renew any certificates). The reason why? I suspect
customers were complaining that they couldn't log on from any computer
:-(.

Not a decision I entirely agree with. I hate having to remember a
seperate username and password for every single remote web page I need
to log on to use :-(.

Also, on a similar topic, I have heard that it should be possible
to do kerberos authentication over TLS.

It is possible to take advantage of this somehow when using https?
-- 
Brian May <bam@snoopy.apana.org.au>