[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier andKerberos authentication
> Anyway, I think JohnK mentioned using an Auth Context instead > of putting the Kerberos pre-auth in the AuthenticationMethod > statement ? What was the concensus on this, or has it not > been discussed in detail yet ? The latter. I think everyone agrees that it makes sense, but I don't know that Liberty has defined any specific classes or statements that deal with Kerberos. > Maybe if Kerberos has been used, but not in the way we prefer > (client in workstation/browser) we could still represent this > method as a Kerberos method, but put something meaningful > into a Context statement that gives more details on how > Kerberos was used to authenticate the user ? That is in > addition to the pre-auth method ? Just a suggestion ... Comments ? Right. My criticism pertained to the old method. However, I would be equally opposed to lumping this model into a general Kerberos context class. I think it's closer to a "password" class with specific details provided as to how the server is checking the password for accuracy that mention Kerberos. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]