On Sat, Aug 30, 2008 at 10:54:59PM -0700, Steve Langasek wrote:
> On Sun, Aug 31, 2008 at 01:16:32AM +0200, Bastian Blank wrote:
> > Negotiate auth does not provide confidentiality or integrity protection
> > different to the normal use of kerberos.
> Well, ok, but you're negotiating *authentication*. Why are confidentiality
> and integrity protection required for that?
If you use kerberized telnet you get that for free, the session key is
part of the setup.
> Firefox doesn't exactly have
> HTTP basic auth support disabled by default, either...
You need to supply a username and password for each basic auth, so you
know what you are doing. Kerberos runs in the background, so the user
can't see that it got authenticated.
Bastian
--
If some day we are defeated, well, war has its fortunes, good and bad.
-- Commander Kor, "Errand of Mercy", stardate 3201.7
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
