Re: Client authentication with Kerberos ticket

From: Samay <getafix123_at_hotmail.com>
Date: 2006-12-21 10:44:03 CET

> Why ? Is GSSAPI over http less secure than Basic over http ?
>

GSSAPI (SPNego) is lot more secure thn Basic method when used over HTTP. As
username/password never travels on the wire. Payload is in clear
irrespective of the method. I fail to see logic to restrict SPNego/GSSAPI to
HTTPS only!

..L8rz!

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Dec 21 10:49:00 2006

This message: [ Message body ]
Next message: Yves Martin: "Re: Client authentication with Kerberos ticket"
Previous message: Michael Haggerty: "Re: Suggestions for CVS->SVN Migration"
In reply to: Yves Martin: "Re: Client authentication with Kerberos ticket"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]