Andreas, The SASL/GSS/HTTP approach is considered by some (including myself) to be better than the SPNEGO based solution that Microsoft have included in IE and IIS. The MS solution is based on an individual IETF draft and didn't progress to a standard, but is widely used.
We (CyberSafe) have implemented our own GSS based web browser authentication solution works with any browser (without any updates to the browser that is installed on each workstation) and can be ported to any web server, but we currently only support Apache. Our solution has the advantage that it will work with web server clusters as well as offering replay attack detection and the ability to work with proxy servers. The MS solution does not work with a proxy server and hence MS ISA Server is not supported (for example). I agree, that this is better discussed within the SASL IETF WG instead of Kerberos WG. Regards, Tim. -----Original Message----- From: Andreas [mailto:[EMAIL PROTECTED] Sent: 27 February 2004 13:05 To: [EMAIL PROTECTED] Subject: Re: Browser authentication On Mon, Feb 23, 2004 at 09:20:26AM -0500, Wyllys Ingersoll wrote: > The correct way to do this is with GSSAPI, Microsoft implemented Couldn't SASL be used instead (and then gssapi)? Maybe a question for another forum, though. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
