Re: Client authentication with Kerberos ticket

From: Steinar Bang <sb_at_dod.no>
Date: 2006-12-21 10:04:17 CET

>>>>> "D.J. Heap" <djheap@gmail.com>:

> On 12/20/06, Yves Martin <yves.martin@elca.ch> wrote:
>> BUT the GSSAPI/Negotiate is only tried with SSL ?
>> Why ? Is GSSAPI over http less secure than Basic over http ?

> I'm not an auth expert, but my understanding is that they are not
> really secure over http.

Kerb authentication using HTTP Negotiate over plain HTTP, is as secure
as kerb itself is, which is pretty secure. Authentication will be
secure. The traffic itself won't be secure, ie. the payload will go
in the clear.

Perhaps the reasoning is that when people wish to use a secure
authentication method, they wish the entire traffic to be secure and
should not be fooled to use an open transfer? (not a reasoning I would
have made, but there you go) Or perhaps it is an artifact of the
implementation? Ie. it was easier this way?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Dec 21 10:05:05 2006

This message: [ Message body ]
Next message: Norbert Thoden: "Re: Non-Working authz for svnserve"
Previous message: Maurer, Hermann: "RE: Re: Repository corruption?"
In reply to: D.J. Heap: "Re: Client authentication with Kerberos ticket"
Next in thread: Yves Martin: "Re: Client authentication with Kerberos ticket"
Reply: Yves Martin: "Re: Client authentication with Kerberos ticket"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]