kerberos instead of http over ssl

Question

If I want to use kerberos instead of https (http over ssl) how do I make sure data is not tampered or read in the transit?

Generally, you use both SSL *and* Kerberos to put an extra layer of security (SSL) over the Kerberos ticket exchange. — wzzrd, Oct 21 '10 at 13:33

score 0 · Answer 1 · answered Oct 21 '10 at 09:06

0

You're barking up the wrong tree. Kerberos is exclusively an authentication mechanism - it is as much use for the purposes you suggest as a banana.

Why do you want to use HTTPS?

answered Oct 21 '10 at 09:06

symcbean

21,009
1
31
52

In fact, it is possible to use Kerberos session keys for encrypting traffic. LDAP does this, as did Telnet long ago. – user1686 May 05 '11 at 14:18

score 0 · Accepted Answer · answered Oct 21 '10 at 13:28

0

You have a false premise, but your question can be answered.

Encrypt the data. You can use secret-key encryption or public-key encryption (usually in conjunction with secret-key encryption - for non trivial amounts of data). Plus a secure method of key exchange.

Generally it is better to use a well tested solution (e.g. HTTPS or SSH) than try to create your own solution.

answered Oct 21 '10 at 13:28

RedGrittyBrick

3,832
1
17
23

Probably I was looking for something like this http://tools.ietf.org/html/draft-ietf-tls-kerb-cipher-suites-00 . But I guess this did not go well beyond a draft. I will stick with existing methods. Thanks. – kalyan Nov 15 '10 at 14:30

kerberos instead of http over ssl

2 Answers2