On Apr 9, 2008, at 3:04 PM, Joe Budzyn wrote: > It is strongly recommended that any authentication be encrypted. > The preferred > method of authentication is through Sentinel. An alternative method > for > authentication that is becoming more popular is Shibboleth. > > SSL encryption does not prevent a man-in-the-middle attack if the > web site > is recording the user name and password. > > It is a good idea to ensure MSU netid authenticated web applications > use SSL encryption. However, some web applications can not use SSL > for > technical reasons. As a point of clarification, Shibboleth is integrated with Sentinel (which uses kerberos), so if you integrate with Shibboleth, you get the Sentinel action as well. Kerberos ticket passing is also a fantastic and secure way to utilize our krb AuthN solution. ./mk -- Matt Kolb <[log in to unmask]> Academic Technology Services Michigan State University