[unisog] Centralized auth for web servers

Saqib Ali docbook.xml at gmail.com
Tue Jul 25 18:34:00 GMT 2006


On 7/25/06, Valdis.Kletnieks at vt.edu <Valdis.Kletnieks at vt.edu> wrote:
> Think *real* hard before you hit "send":
> What's the *real* difference between a blob of binary data called
> a "Kerberos ticket" and the same data stored as a "browser cookie"?

That is NOT what I said. I never said anything about tickets being
better cookie. Read my previous message again.

However, what I said is that combining tickets and cookies makes the
authentication architecture more complex, and increases the points of
(security) failure. If there is an option NOT to use cookies for
web-based authentication, then why not avoid it?

If there is a viable alternative of just using pure Kerberos tickets, use it!!!

-- 
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

