[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: couple socket-connection questions

At 11:10 PM +1000 5/29/03, Luke Howard wrote:
>  >overhead is unwarranted for that reason. or are there obvious proto-
>>col extensions coming down the line that would call for clients to
>>require more than a few intermittent, ``stateless'' packet exchanges
>>with the KDC? hmm. <tongue-in-cheek>in that case, maybe it's time to
>>turn Kerberos into a ``web service'', dump the DER, dress it up in
>>XML and give it a marketing makeover</tongue-in-cheek>
>Well, Heimdal has supported HTTP KDC requests for a while now; see
>handle_http_tcp() in kdc/connect.c. I'm not sure if anyone has ever
>documented or used this. :-)
>Encapsulating KDC requests in SOAP or XML-RPC, that would certainly
>be interesting; I expect this could be achieved in theory by combining
>IAKERB with WS-Security. But I'm digressing...

Hmmm.  I'm just starting to look at SOAP so pardon my ignorance.

Is there a good way to use Kerberos to authenticate XML/SOAP 
exchanges?  Maybe the Kerberos option that TLS had?  mod_auth_krb?
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu