[Haskell-cafe] Unified Haskell login

Brandon S Allbery KF8NH allbery at ece.cmu.edu
Fri Sep 17 17:43:36 EDT 2010



On 9/17/10 05:27 , Neil Davies wrote:
> Why not use kerberos?
> 
> We find it works for us, integrates with web (natively or via WebAuth),
> remote command execution (remctl) and ssh - widely used, scales brilliantly.

1. Kerberos is only authentication.  Authorization you get to deal with
yourself, and you won't be able to use many off-the-shelf solutions in that
space.

2. You require people to have Kerberos clients, and possibly kx509 for web
auth.  Or else you're just using it as a password store for programs to
check against, in which case you've pretty much made it pointless.

Mind, we use Kerberos heavily around here... but we have the infrastructure
that uses it.  Web application space is *not* something that integrates
well, though, unless you use it as a dumb store and manage the resulting
authentication information yourself (Pubcookie, etc.).  For a primarily
web-based community, it's not an appropriate choice.

-- 
brandon s. allbery     [linux,solaris,freebsd,perl]      allbery at kf8nh.com
system administrator  [openafs,heimdal,too many hats]  allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university      KF8NH

