On Apr 9, 2008, at 3:04 PM, Joe Budzyn wrote:
> It is strongly recommended that any authentication be encrypted.
> The preferred method of authentication is through Sentinel. An
> alternative method for authentication that is becoming more popular
> is Shibboleth.
>
> SSL encryption does not prevent a man-in-the-middle attack if the
> web site is recording the user name and password.
>
> It is a good idea to ensure MSU netid authenticated web applications
> use SSL encryption. However, some web applications can not use SSL
> for technical reasons.

As a point of clarification, Shibboleth is integrated with Sentinel
(which uses Kerberos), so if you integrate with Shibboleth, you get
the Sentinel action as well. Kerberos ticket passing is also a
fantastic and secure way to utilize our krb AuthN solution.
./mk
--
Matt Kolb
Academic Technology Services
Michigan State University