MSUNAG Archives

MSUNAG Archives


View:

Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font

Options:

Join or Leave MSUNAG
Reply | Post New Message
Search Archives


Subject: Re: non-ssl sites using netid login?
From: Matt Kolb <[log in to unmask]>
Reply-To:Matt Kolb <[log in to unmask]>
Date:Wed, 9 Apr 2008 16:34:59 -0400
Content-Type:text/plain
Parts/Attachments:
Parts/Attachments

text/plain (29 lines) 


On Apr 9, 2008, at 3:04 PM, Joe Budzyn wrote:
> It is strongly recommended that any authentication be encrypted.   
> The preferred
> method of authentication is through Sentinel.  An alternative method  
> for
> authentication that is becoming more popular is Shibboleth.
>
> SSL encryption does not prevent a man-in-the-middle attack if the  
> web site
> is recording the user name and password.
>
> It is a good idea to ensure MSU netid authenticated web applications
> use SSL encryption.  However, some web applications can not use SSL  
> for
> technical reasons.



As a point of clarification, Shibboleth is integrated with Sentinel  
(which uses kerberos), so if you integrate with Shibboleth, you get  
the Sentinel action as well.  Kerberos ticket passing is also a  
fantastic and secure way to utilize our krb AuthN solution.

./mk

-- 
Matt Kolb  <[log in to unmask]>
Academic Technology Services
Michigan State University

Back to: Top of Message | Previous Page | Main MSUNAG Page

Permalink


LIST.MSU.EDU

CataList Email List Search Powered by the LISTSERV Email List Manager