Kerberos Redux?


By IT Analysis
May 07, 2003
With the arrival of Windows Server 2003 we might be forgiven for thinking that Kerberos, a "secure method for authenticating a request for a service in a computer network", is on its way out. After all, Microsoft have been seen as the principal torch bearer. What is clear in Server 2003 is that Microsoft are starting to push PKI as the way forward. Talk to Microsoft people and you might find an unusual ambivalence to Kerberos.
In addition to which, there has always been the view in parts of the industry, both vendor and user, that Kerberos does not scale and is not rich enough to support eCommerce.
It is somewhat refreshing therefore to find a new Kerberos product on the market. CyberSafe is a UK-based company that phoenixed out of the demise of the US parent.
The release of CyberSafe's TrustBroker WebAccess product underlines the company's belief that Kerberos still has much to offer. WebAccess provides Kerberos authentication services between workstations running a Web browser and Web servers, or Web proxy servers accessible across the network. Used in conjunction with the optional WebAccess Application Server, the authenticated identity of the user can also be securely presented to Java servlets running on an application server.
WebAccess uses the Kerberos protocol to authenticate users when they log in to the Windows domain. The credentials obtained during this login can be used by the browser to present a security context to the Web server or Web proxy server, meaning that the user only needs to authenticate once, when they log in to the workstation, which effectively provides Web single sign-on.
An additional benefit is that WebAccess authentication between the browser/workstation and the Web server or Web proxy server is mutual, so that the server trusts who the user is, and the user's browser is able to trust the identity of the server, without the addition of more technology.
Compare this to more commonly used Web authentication techniques. Typically, a domain cookie maintains a context for user access to a Web server, so that the user doesn't have to re-authenticate for each URL accessed in the same domain. Once the Web server determines the identity of the user at the browser, it is able to use this to determine their access rights or entitlement.
Article continues... The Register