[33046] in Kerberos
Re: Idle Timeout
daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Jan 4 12:54:44 2011
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <20110104173514.GB10095@talktalkplc.com> (Brian Candler's message
of "Tue, 4 Jan 2011 17:35:14 +0000")
Date: Tue, 04 Jan 2011 09:54:38 -0800
Message-ID: <87mxngmu5d.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Brian Candler <B.Candler@pobox.com> writes:
> Kerberos is a single sign-on system. You get your TGT at the start of
> the day, and then it logs you in automatically and transparently to each
> service you visit.
> If you want the site to prompt for username/password, either initially
> or after an idle timeout, then I think it will need to do its own HTTP
> Basic authentication.
Or you can use a web authentication system based on or capable of using
Kerberos, like:
http://webauth.stanford.edu/
http://cosign.sourceforge.net/
which offer various additional features, such as this sort of idle
timeout. Kerberos by itself is not going to provide this.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
