httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Spreitzer" <sprei...@parc.xerox.com>
Subject RE: Kerberos authentication and authentication (proxy ticket forwarding)
Date Sat, 06 Nov 1999 01:09:13 GMT
> I wonder if this should just be done through PAM?

PAM doesn't solve the problem I'm addressing.  The problem I'm addressing
is the need for some form of delegation.  That is, given that the user has
already "logged in" in one way or another (this is what PAM is for, right?)
to "his" machine, and wants to invoke an operation on a remote web server,
and that remote operation in turn needs to invoke another even more remote
operation *as the original user*, what enables the first web server to act
on the user's behalf?  The standard answer in the Kerberos setting is that
the client forwards proxy tickets (either specific service tickets or
ticket granting tickets) to the first server.


Mime
View raw message