
Method for Configuration-less Client for Kerberized Web Server to Suit World Wide Web (Internet based portals)

IP.com Disclosure Number: IPCOM000185398D
Original Publication Date: 2009-Jul-24
Included in the Prior Art Database: 2009-Jul-24
Document File: 3 page(s) / 94K

Publishing Venue

IBM

Abstract

Disclosed is a method to make the Kerberos protocol applicable to Internet-like environments by seamlessly managing its client configuration across the dynamic, ever-changing population of Internet users.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Authors:

Sachin C Punadikar, Sandeep Ramesh Patil, Dwip N Banerjee, Venkat Venkatsubra

Background: Kerberos is a network authentication protocol used to authenticate a user over an insecure network in a client-server application. Another major benefit of the Kerberos protocol is that the user password (used for authentication) is never transmitted over the wire.

Problem: Since the advent of the World Wide Web, most business applications and processes have moved onto the web, and with the success of Web 2.0 the trend is sure to increase. The Kerberos protocol has traditionally been favored for intranet-based applications. But there is a strong market need for Kerberos enablement in the Internet environment and for making it suitable for the World Wide Web in its true sense.

The major needs for Kerberos to suit Internet-based applications (like websites) are:
1. Browsers on the client machines must support a Kerberos plug-in.
2. Web servers must have a Kerberos plug-in.
3. The client machines must have Kerberos "configured" for the specific realm/cell by a user/administrator.

The first two needs are already met: there are web browsers as well as web servers that now support Kerberos plug-ins. But because of the third need (which is the pressing concern), the existing infrastructure can be exploited only in an intranet-like environment (where there is a finite number of machines that can be administered) and not in an Internet/WWW-like environment, where the number of machines is endless and it is not possible to administer them to meet the Kerberos client configuration requirement.

Disclosed Solution: The disclosed solution overcomes the above-mentioned problem. It describes a method for a configuration-less client with which the Kerberos protocol can be used for Internet-based applications such as websites or portals. It addresses the strong need for a loosely coupled and more user-friendly approach to accessing Kerberized web servers. The disclosed method also has the advantage of being able to use the Kerberos protocol simultaneously across two different websites with different Kerberos configuration requirements, which is not possible with current systems, where the machine is typically configured for a single Kerberos realm/cell.

Detailed implementation steps are given below:

Prerequisites:

1. The web server machine is configured to the Kerberos Server (KDC).
2. The web server has the required rights to run the Kerberos administrative commands/APIs.


At a broader level, one can have two modes of interaction with web-based public portals that require user authentication. The first is user creation or sign-up, and the second is user authenti...