24 May 2001 sxw   » (Apprentice)

Given my lack of progress on adding Kerberos support to NSS (and hence to Mozilla's TLS implementation), I've started looking at other solutions to the problem of using Kerberos credentials to authenticate web sessions.

The kx509 code from the University of Michigan is looking very promising. It allows users to gain short lived X509 certificates using their Kerberos credentials. These certficates are then transparently used by the browser (via a custom PKCS#11) module to authenticate to the server.

So far, I've hacked all of the umich specific stuff out of the code, and rejigged the build system so its better at dealing with different environments. Its looking very promising though - next step is to try to get some web applications to operate with client certificates.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!