[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: HEAD open for commits
From:       Tim Jansen <ml () tjansen ! de>
Date:       2002-12-01 2:25:39
[Download RAW message or body]

On Sunday 01 December 2002 02:54, James Richard Tyrer wrote:
> > No, more like Kerberos. For example, when I access my EMail using IMAP
> > and it asks me for a password, it should create a ticket that I can use
> > to authenticate myself to use LDAP, HTTP and so on (without entering the
> > password again in the same session).
> Would the system remember your password?  This is not good unless it is
> a trivial password such as you use to logon to a web site.
 
No, it remembers a so-called Ticket-Granting Ticket that can be used to 
receive session keys from the kerberors server.

The whole point of kerberos vs. LDAP and NIS is that you can authenticate 
yourself to services that you don't trust, without telling them your 
password. This is quite important when you access a desktop computer (which 
can be easily compromised by everybody who has physical access to the 
machine) or any service that is running on it (ssh, file server, printer 
server, desktop sharing)..

http://www.isi.edu/~brian/security/kerberos.html

bye...

 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]