Re: FYI: Plexus 2.1 is now available

"Peter Lister, Cranfield Computer Centre" <ccprl@xdm001.ccc.cranfield.ac.uk>
Message-id: <9305241014.AA03202@xdm039>
To: sanders@bsdi.com, www-talk@nxoc01.cern.ch
Cc: ccprl@xdm001.ccc.cranfield.ac.uk
Subject: Re: FYI: Plexus 2.1 is now available 
In-Reply-To: Your message of "Mon, 24 May 93 10:00:51 BST."
             <9305240900.AA23134@xdm001> 
Date: Mon, 24 May 93 11:14:40 BST
From: "Peter Lister, Cranfield Computer Centre" <ccprl@xdm001.ccc.cranfield.ac.uk>
>     * 4) The browser detects the 402 error code and intiates a dialog
>	 containing the information from the Cost: field and requests
>	 the password which is used to authenticate the user in the
> 	 servers Realm and get a ticket for the servers Instance.

A yes/no confirmation dialog is useful if there is a real cost, but the
browser should never see the password.

1) Kerberos should normally be invisible to users; there should be a
TGT whenever the user is logged in.
2) AFS kerberos uses a different password->key mapping, so you'd have a
problem with AFS sites. (Problem #1; how do you tell apart sites using
AFS Kerberos? We use AFS with MIT Kerberos).
3) It's bad policy for users to get into the habit of entering their
passwords into programs other than passwd, kinit and login.

we'd be happy to try a Kerberised client and server, as authenticated
info serving is something of a wish here.

Peter Lister                                    p.lister@cranfield.ac.uk
Computer Centre,
Cranfield Institute of Technology,        Voice: +44 234 754200 ext 2828
Cranfield, Bedfordshire MK43 0AL England    Fax: +44 234 750875