[Haskell-cafe] Unified Haskell login

Brandon S Allbery KF8NH allbery at ece.cmu.edu
Fri Sep 17 17:43:36 EDT 2010

Hash: SHA1

On 9/17/10 05:27 , Neil Davies wrote:
> Why not use kerberos?
> We find it works for us, integrates with web (natively or via WebAuth),
> remote command execution (remctl) and ssh - widely used, scales brilliantly.

1. Kerberos is only authentication.  Authorization you get to deal with
yourself, and you won't be able to use many off the shelf solutions in that

2. You require people to have Kerberos clients, and possibly kx509 for web
auth.  Or else you're just using it as a password store for programs to
check against, in which case you've pretty much made it pointless.

Mind, we use Kerberos heavily around here... but we have the infrastructure
that uses it.   Web application space is *not* something that integrates
well, though, unless you use it as a dumb store and manage the resulting
authentication information yourself (Pubcookie, etc.).  For a primarily web
based community, it's not an appropriate choice.

- -- 
brandon s. allbery     [linux,solaris,freebsd,perl]      allbery at kf8nh.com
system administrator  [openafs,heimdal,too many hats]  allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university      KF8NH
Version: GnuPG v2.0.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the Haskell-Cafe mailing list