Servers, sockets & security

Sandeep Mehta SandeepMehta at bebop
Thu Jul 27 22:18:20 AEST 1989


In article <2293 at auspex.auspex.com>, guy at auspex (Guy Harris) writes:
>
>Another way might be to use some mechanism such as Kerberos, and require
>the client to provide some sort of validated cookie to prove who they
>are.

Yup, using a proven authentication protocol, such as Kerberos, seems to
me to be the best way to go. Using an encrypted key you can do correct
authentication in at least 4 or more encryptions+decryptions.  Kerberos
reaches authentication at the cost of synced clocks (if clients/servers
are across machine boundaries) because it is time-stamp based. I don't
know the performance degradations of using correct authentication in
your application but with >= 4 encrypts+decrypts it's probably
non-trivial.

sandeep
--
Sandeep Mehta                                       ...to be or not to bop ?
uunet!philabs!bebop!sxm                             sxm at philabs.philips.com
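
The clock-sync cost mentioned in the post, shown as an added example that is not part of the original message and is not Kerberos code: a server-side freshness and replay check on a timestamped authenticator. HMAC-SHA256 stands in for the encryption step, and the names `make_authenticator`, `Server` and `MAX_SKEW`, as well as the 300-second tolerance, are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 300  # seconds of clock difference tolerated (assumed value)


def make_authenticator(session_key: bytes, client: str, client_clock: int) -> bytes:
    """Client side: bind the client name and the client's own clock reading
    under the shared session key (HMAC used here in place of encryption)."""
    body = struct.pack("!Q", client_clock) + client.encode()
    tag = hmac.new(session_key, body, hashlib.sha256).digest()
    return tag + body


class Server:
    def __init__(self, session_key: bytes, max_skew: int = MAX_SKEW):
        self.key = session_key
        self.max_skew = max_skew
        self.seen = {}  # replay cache: authenticator bytes -> its timestamp

    def verify(self, blob: bytes, server_clock: int) -> str:
        if len(blob) < 40:  # 32-byte tag + 8-byte timestamp at minimum
            return "reject: malformed"
        tag, body = blob[:32], blob[32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad key"
        (stamp,) = struct.unpack("!Q", body[:8])
        # Freshness depends on both clocks agreeing to within max_skew.
        if abs(server_clock - stamp) > self.max_skew:
            return "reject: clock skew"
        # Entries older than the window can be dropped: the skew check
        # above already rejects them, so the cache stays bounded.
        self.seen = {b: t for b, t in self.seen.items()
                     if server_clock - t <= self.max_skew}
        if blob in self.seen:
            return "reject: replay"
        self.seen[blob] = stamp
        return "accept: " + body[8:].decode()
```

A client whose clock drifts past the window is rejected even with the right key, and the replay cache only has to remember authenticators for the length of that window.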



More information about the Comp.unix.questions mailing list