-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/17/10 17:43 , Brandon S Allbery KF8NH wrote:
Why not use kerberos? Mind, we use Kerberos heavily around here... but we have the infrastructure
On 9/17/10 05:27 , Neil Davies wrote: that uses it. Web application space is *not* something that integrates well, though, unless you use it as a dumb store and manage the resulting authentication information yourself (Pubcookie, etc.). For a primarily web
Additional: MIT does use it for web auth (cf. ezyang's response in this thread), but I believe they use a third mechanism: users have certificates, which are registered with the KDC and used via PKINIT. The infrastructure cost of this is (currently, PKINIT still being not quite fully nailed down) higher than anyone in the Haskell community is likely to be willing to deal with --- and you *still* have to solve the authorization problem yourself. - -- brandon s. allbery [linux,solaris,freebsd,perl] allbery@kf8nh.com system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu electrical and computer engineering, carnegie mellon university KF8NH -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyT4m8ACgkQIn7hlCsL25VKawCeNTumjtGy7U9HVdC4DXs8+lhb tTYAoJZtP3ZxH90hqOWsldkWd1eyiROm =jokt -----END PGP SIGNATURE-----