Network Security: Detailed info on Any security issue with using SPNEGOto perform single-sign-on?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

Subject:	Any security issue with using SPNEGOto perform single-sign-on?
Date:	Thu, 17 Mar 2005 14:19:20 -0800

Subject:

Any security issue with using SPNEGOto perform single-sign-on?

Date:

Thu, 17 Mar 2005 14:19:20 -0800

I was wondering if anyone has encountered any security concern/issues while implementing SPNEGO < http://www.vintela.com/resources/topics/spnego/ >. SPNEGO provides a single-sign-on in a KERBEROS enabled environment. Basically it allows web applications to automatically authenticate clients who have valid Kerberos credentials. I am planning to install the mod_spnego module on a apache server, that will enable the client to single-sign-on to our internal application, if they are part of our AD. I possible concern is the increase of CSRF type of attacks, but that is the case with any single-sign-on solution. -- In Peace, Saqib Ali http://validate.sf.net

<Prev in Thread]	Current Thread	[Next in Thread>
Any security issue with using SPNEGOto perform single-sign-on?, Saqib Ali <= Re: Any security issue with using SPNEGOto perform single-sign-on?, Paul Johnston

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Ber encoding for ldap response control., Babu Kopparam
Next by Date:	clear-text passwords in shell/perl scripts, Jeff Robertson
Previous by Thread:	Ber encoding for ldap response control., Babu Kopparam
Next by Thread:	Re: Any security issue with using SPNEGOto perform single-sign-on?, Paul Johnston
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Ber encoding for ldap response control., Babu Kopparam

Next by Date:

clear-text passwords in shell/perl scripts, Jeff Robertson

Previous by Thread:

Ber encoding for ldap response control., Babu Kopparam

Next by Thread:

Re: Any security issue with using SPNEGOto perform single-sign-on?, Paul Johnston

Indexes:

[Date] [Thread] [Top] [All Lists]