
Re: Client authentication with Kerberos ticket

From: Yves Martin <yves.martin_at_elca.ch>
Date: 2006-12-21 10:55:52 CET

On Thu, 2006-12-21 at 20:44 +1100, Samay wrote:
> GSSAPI (SPNego) is a lot more secure than the Basic method when used
> over HTTP, as username/password never travels on the wire. Payload is
> in clear irrespective of the method. I fail to see logic to restrict
> SPNego/GSSAPI to HTTPS only!

 I'm glad to hear that.

On Thu, 2006-12-21 at 10:04 +0100, Steinar Bang wrote:
> >>>>> "D.J. Heap" <djheap@gmail.com>:
> Perhaps the reasoning is that when people wish to use a secure
> authentication method, they wish the entire traffic to be secure and
> should not be fooled to use an open transfer? (not a reasoning I would
> have made, but there you go) Or perhaps it is an artifact of the
> implementation? I.e. it was easier this way?

 I think you're right. GSS code seems to re-use the SSL "context"...

 For the moment, I configure https to get ticket authentication,
 but I'm afraid of performance.


Yves Martin
Received on Thu Dec 21 10:56:45 2006

This is an archived mail posted to the Subversion Users mailing list.
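
The difference between the two schemes discussed in this thread, as an added example that is not part of the original mail: a Python check of what an `Authorization` header exposes to anyone who can read a plain-HTTP request. The header values are constructed samples and the function name is hypothetical.

```python
import base64

# DER encoding of the SPNEGO mechanism OID 1.3.6.1.5.5.2 (RFC 4178).
SPNEGO_OID = bytes.fromhex("06062b0601050502")

# Constructed samples: a Basic credential and a truncated SPNEGO token header.
BASIC_SAMPLE = "Basic " + base64.b64encode(b"alice:s3cret").decode()
NEGOTIATE_SAMPLE = "Negotiate " + base64.b64encode(
    b"\x60\x0a" + SPNEGO_OID + b"\xa0\x00").decode()


def inspect_authorization(value):
    """Report what an Authorization header value reveals to a reader of the
    request. The request and response bodies are readable on HTTP either way."""
    scheme, _, blob = value.strip().partition(" ")
    scheme = scheme.lower()
    result = {"scheme": scheme, "password_on_wire": None, "detail": ""}
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        result["detail"] = "credentials are not valid base64"
        return result
    if scheme == "basic":
        user, sep, _password = raw.decode("utf-8", "replace").partition(":")
        if sep:
            result["password_on_wire"] = True
            result["detail"] = f"password for {user!r} is only base64-encoded"
        else:
            result["detail"] = "malformed Basic credentials"
    elif scheme == "negotiate":
        result["password_on_wire"] = False
        if raw.startswith(b"NTLMSSP\x00"):
            result["detail"] = "NTLM message inside Negotiate, not Kerberos"
        elif raw[:1] == b"\x60" and SPNEGO_OID in raw[:16]:
            result["detail"] = "GSS-API token carrying the SPNEGO OID"
        else:
            result["detail"] = "unrecognised GSS-API token"
    else:
        result["detail"] = "scheme not handled"
    return result


if __name__ == "__main__":
    for sample in (BASIC_SAMPLE, NEGOTIATE_SAMPLE):
        print(inspect_authorization(sample))
```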
