[JDEV] digest and ldap and authentication
mark at mjwilcox.com
mark at mjwilcox.com
Tue Aug 1 23:06:21 CDT 2000
On 1 Aug 00, at 9:05, Donn Cave wrote:
> Quoth mark at mjwilcox.com:
> | On 31 Jul 00, at 17:21, Donn Cave wrote:
> ...
> |> The main point though is the application services. Something like
> |> SSL is fine if you either have one password per service, or you
> |> have all the services in one central trusted site. If you have
> |> a site wide password, and a service supported somewhere outside
> |> its central computing facility, you have at best added to the
> |> number of people you have to trust. (Mainly that means, trusting
> |> in their competence to avoid being hacked.) At my site, a good
> |> example would be a Jabber server on a PC in a dormitory room.
> |> Kerberos makes it possible for that server to function in the
> |> campus system, everyone can use their regular IDs without having
> |> to consider that issue.
>
> | This is a good point, but until Kerberos is everywhere, there's not
> | much you can do about it.
>
> Not much I can do about what? Did you mean to sound so passive?
I mean you as in a general plurality. Perhaps general populace,
etc. would have been a better term. What I mean is that SSL is
much more widespread than Kerberos and it's likely going to
remain that way for a long time. IT doesn't matter that Kerberos is
a much better authentication system, because it just isn't widely
deployed.
Mark
>
> Donn Cave, donn at u.washington.edu
>
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
>
>
Mark Wilcox
mark at mjwilcox.com
Got LDAP?
More information about the JDev
mailing list