
Re: mod_auth_kerb and Heimdal KDC



On Wed, Aug 21, 2002 at 08:20:30AM -0600, Tillman Hodgson wrote:
[...] 
> > We are using an apache module available from
> > http://meta.cesnet.cz/software/heimdal/index.en.html
> 
> Yes, that's the module that I'm using as well. Their patches for Mozilla
> and Apache look seriously interesting ... much better than the "dump the
> login page onto SSL" approach.

Just a remark on SSL:
The Microsoft draft (which the Mozilla+Apache patches are based on) specifies
only mechanisms for authentication. Some other method (e.g. SSL) must be used
to ensure integrity control of transmitted HTTP messages. Otherwise, a
malicious user would be able to copy an Authorization header (coming from a
valid user) and paste it into another message.

--
Dan
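
Added example, not part of the original message or of the module's own documentation: an Apache configuration showing the Kerberos-protected location served over plain HTTP next to the same location restricted to SSL, as the remark above recommends. It assumes mod_ssl and the directive names of mod_auth_kerb 5.x (the 2002 module discussed in the thread may name them differently); host name, realm and file paths are placeholders.

```apache
# Constructed example: www.example.org, EXAMPLE.ORG and all paths are placeholders.

# Weak: Negotiate over plain HTTP. The Authorization header authenticates the
# user, but nothing protects the integrity of the rest of the HTTP message.
<VirtualHost *:80>
    ServerName www.example.org
    <Location /private>
        AuthType Kerberos
        AuthName "Kerberos Login"
        KrbMethodNegotiate On
        KrbMethodK5Passwd Off
        KrbAuthRealms EXAMPLE.ORG
        Krb5KeyTab /etc/httpd/http.keytab
        Require valid-user
    </Location>
</VirtualHost>

# Corrected: the plain-HTTP host only redirects, and the protected location
# exists solely on the SSL host, so header and message travel over one
# integrity-protected channel.
<VirtualHost *:80>
    ServerName www.example.org
    Redirect permanent /private https://www.example.org/private
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key
    <Location /private>
        # Refuse the request outright if it did not arrive over SSL.
        SSLRequireSSL
        AuthType Kerberos
        AuthName "Kerberos Login"
        KrbMethodNegotiate On
        KrbMethodK5Passwd Off
        KrbAuthRealms EXAMPLE.ORG
        Krb5KeyTab /etc/httpd/http.keytab
        Require valid-user
    </Location>
</VirtualHost>
```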