[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: HEAD open for commits
From:       James Richard Tyrer <tyrerj () acm ! org>
Date:       2002-12-01 4:05:07
[Download RAW message or body]

Tim Jansen wrote:
> On Sunday 01 December 2002 02:54, James Richard Tyrer wrote:
> 
>>>No, more like Kerberos. For example, when I access my EMail using IMAP
>>>and it asks me for a password, it should create a ticket that I can use
>>>to authenticate myself to use LDAP, HTTP and so on (without entering the
>>>password again in the same session).
>>
>>Would the system remember your password?  This is not good unless it is
>>a trivial password such as you use to logon to a web site.
> 
>  
> No, it remembers a so-called Ticket-Granting Ticket that can be used to 
> receive session keys from the kerberors server.
> 
> The whole point of kerberos vs. LDAP and NIS is that you can authenticate 
> yourself to services that you don't trust, without telling them your 
> password. 

I see.  Zero knowledge authentication, sounds like a good idea.

> This is quite important when you access a desktop computer (which 
> can be easily compromised by everybody who has physical access to the 
> machine) or any service that is running on it (ssh, file server, printer 
> server, desktop sharing)..
> 
> http://www.isi.edu/~brian/security/kerberos.html

Yet another new thing to read about.

Thanks for the link

--
JRT



 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]