[OpenAFS] AFS and WebDAV

[Noel Burton-Krahn]

Interesting.  It certainly would be nice to see SASL in a browser.  Until
then, SSL and cookies are the best solution I can think of.

Let me just say how nice it is to have authentication and file access
control handled by Apache and OpenAFS.  We use several packages under
Apache, including sqwebmail and wcal.  Both come with
authentication/login/password mechanisms.  We replaced them with Apache's
OpenAFS authentication and voila! single sign on.  And we don't have to
worry about web scripts accidentally trashing someone else's data.  And
users can use AFS ACLs for web access control... Life is good.

--Noel


----- Original Message -----
From: "Leif Johansson" <leifj@it.su.se>
To: "Noel Burton-Krahn" <noel@bkbox.com>
Cc: "Mark Montague" <markmont@umich.edu>; "John Rudd" <jrudd@ucsc.edu>;
<openafs-info@openafs.org>; <lha@it.su.se>
Sent: Wednesday, January 14, 2004 11:15 AM
Subject: Re: [OpenAFS] AFS and WebDAV


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Noel Burton-Krahn wrote:
> | Hi Leif,
> |
> | I've found that IE's DAV client completely ignores cookies.  I handled
> that
> | by reusing a krb5 ticket from repeated "Authentication: " headers.
> |
>
> That reminds me - the heimdal people are working on http-spnego which
> is broken in that you still need ssl for server auth but there is no
> gssapi/ssl channel binding, but it's still better than passwords. It
> will be in some future version of mozilla I believe. At least you can
> do creds forwarding. Better still would be http-sasl but I digress...
>
> Cheers Leif
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFABZU48Jx8FtbMZncRAumAAKCakk4UkkUhaymaoioxrhVu2LvsWQCgqh8Y
> 8jCz5ijIqLH4S91oTZS4XZg=
> =58AU
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>