1. Getting Started With Kerberos

    Recently, I have been playing with Kerberos, a popular Single Sign On system (SSO) that is used in many large organizations. My first contact with Kerberos has been at university in a network security course, but that only covered the cryptographic part, not the more practical issues like setting up …

    read more
  2. OpenID Delegation

    OpenID is a great concept but what I don't like is that I tie myself to a specific identity provider. Suppose the provider goes out of business or doesn't support OpenID anymore. Of course, I could set up my own private identity provider but I'm lazy and I don't want …

    read more
  3. Excluding Pages From Authentication

    Java's Servlet spec allows web applications to delegate authentication and authorization to the servlet container, a mechanism known as container-based security. A lot of people use it for in-house applications or web services because it's simple and containers like Tomcat already provide several authentication backends to choose from. There's one …

    read more
  4. SSH Public Key Authentication

    A lot of people use SSH to log into remote hosts. SSH is secure and works well, but if you have to access many hosts with long, well-chosen passwords there is a lot of typing to do just for authentication.

    In this article I'll walk you through a basic public …

    read more

« Page 2 / 2