[unisog] Centralized auth for web servers

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Jul 25 14:18:53 GMT 2006


On Mon, 24 Jul 2006 23:28:27 EDT, Saqib Ali said:

> I don't think you can achieve the security that you are looking for
> without the use of pure ticker based architecture. You can use cookies
> method (e.g. netegrity's siteminder),

Think *real* hard before you hit "send":

What's the *real* difference between a blob of binary data called
a "kerberos ticket" and the same data stored as a "browser cookie"?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20060725/cefef3a5/attachment.bin 


More information about the unisog mailing list