Re: User credential passing standard from Neil Gulati on 1999-04-19 (www-talk@w3.org from March to April 1999)

From: Neil Gulati <ngulati@scu.edu.au>
Date: Mon, 19 Apr 1999 19:47:54 -0400 (EDT)
To: www-talk@w3.org
Message-Id: <199904192347.JAA24277@cyclops.scu.edu.au>

Dear All,

> You didn't mention if the servers are in the same Domain.  If they are then
> using a combination of Domain cookies and a common authentication server to
> your servers would probably do the trick.

I hope this is not too far off the subject of a *STANDARD*...
at least it is coming from the working end of the matter.

I am about to extend mod_auth_cookie for apache to use encrypted cookies for one domain only.
We already use kerberos authentication so mod_auth_cookie_crypt (whatever) will work with it.
Trouble is, I don't even understand apache configuration (*YET*).
I would also like to support the progress of apache.
If I can write the module to conform to any likely standard, I will.
I am also going to have a look at using PGP (which I will have a learning curve with too).

Can *ANYONE* help me with good URLs to look at or *ANY* information at all?

Fanx a bunch.
ANIL.
anilg@geocities.com
________________________________________________________________________________
Neil (Anil) Gulati
ngulati@scu.edu.au

Unix Systems
Information Technology Directorate
Southern Cross University
Northern Rivers NSW Australia
________________________________________________________________________________

Date: Thu, 15 Apr 1999 11:35:44 -0400 (EDT)
From: "Kevin J. Dyer" <kdyer@draper.com>
To: tvaughan@aventail.com, www-talk@w3.org
Subject: Re: user credential passing standard
Message-id: <990415111336.ZM9250@triton.draper.com>
Content-type: text/plain; charset=us-ascii
MIME-Version: 1.0

Tom,

  You didn't mention if the servers are in the same Domain.  If they are then
using a combination of Domain cookies and a common authentication server to
your
servers would probably do the trick.  Digest authentication is better but
as people have already stated, it ain't there yet.  Are you worried about
session timouts, single signon, access control and simplified administration?
You might want to look at a commercial SSO system for web servers.

						Just another voice,

						Kevin

On Apr 14,  2:42pm, tvaughan@aventail.com wrote:
> Subject: user credential passing standard
> Is there a standard way to pass user credentials from one web server/proxy
> to another web server/proxy? Like encrypted cookies or something.
>
> -Tom
>
>-- End of excerpt from tvaughan@aventail.com

--
=====================================================================
Kevin J. Dyer	 			     Draper Laboratory  MS 35
Email: <kdyer@draper.com>		     555 Tech. Sq.
Phone: 617-258-4962			     Cambridge, MA 02139
FAX: 617-258-2061

Received on Tuesday, 20 April 1999 08:37:24 UTC