I was wondering if anyone has encountered any security concern/issues while implementing Vintela's SPNEGO < http://www.vintela.com/resources/topics/spnego/ >. SPNEGO provides a single-sign-on in a KERBEROS enabled environment. Basically it allows web applications to automatically authenticate clients who have valid Kerberos credentials. I am planning to install the mod_spnego module on a apache server, that will enable the client to single-sign-on to our internal application, if they are part of our AD. One possible concern is the increase of CSRF type of attacks, but that is the case with any single-sign-on solution. There is also the mod_spnego available on sourceforge.net any experiences with that? Thanks. Saqib Ali http://validate.sf.net --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|