rra at stanford.edu
Tue Jun 11 18:22:38 UTC 2002
Todd Olson <tco2 at cornell.edu> writes:

> Cornell Univ. is about to deploy a cookie based Kerberos proxy system
> for Cornell www sites that care about limiting access. The motivation
> is that Kerberos/sidecar does not work behind NATs.

Is someone who knows how this is working coming to Cartel next week at
Stanford? We're currently working on our second-generation webauth
system, which is very similar, and we should compare notes.

> If NNTP had cookie technology, then we could potentially tie it in to
> this system. As it stands now, while we have hacked sidecar support in
> to an old nnrpd we have to tell people that it does not work from behind
> a NAT.

Yeah, same here.

The problem, though, is that what you really want to do is share the
cookies between your browser and NNTP, but getting things into and out of
the browser cookie jar is a major pain.

Currently, I have some hope for using username/password over SSL, but it
would be nice to have a better solution. We should get SASL at some
point, but that doesn't necessarily help, as we already found with mail.

Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.