Hi Dick,
I don't know enough about Kerberos and NTLM protocols to comment on feasibility of implementing them inside of the AIR client.
About our current login mechanism, there are a few things I'd like to change ..
1. The login token is currently not stored in an encrypted form on the user's machine by the AIR client, but it should be.
2. Our API is served over HTTP .. which means that if someone wanted to, they could sniff the network and read all the data transferred .. including the login token.
We should move towards serving the API on HTTPS, in which case the data communication is encrypted.
>> In the usual corporate environment there should be no need for a login inasmuch as the user is already logged into the PC.
3. This could be implemented in the current state without using Kerberos .. right now the AIR client asks the user to click the login button even if the token is saved from a previous session .. this is not needed, we could just programmatically log the user in if he/she has a token saved and he/she would straight away see the main window.
If we do the above three things, do we still need Kerberos or NTLM?
Thank you,
Mrinal
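The three changes proposed in the message above, sketched as an added ActionScript 3 example for an AIR client; this is not code from the original thread or from the project's client, and `API_BASE`, the `/session` check endpoint and the `X-Login-Token` header are assumed names rather than the real API.

```actionscript
// Added example, not code from the original email or the AIR client:
// the three proposed changes in ActionScript 3 for an AIR application.
// API_BASE, the "/session" endpoint and the header name are assumptions.
import flash.data.EncryptedLocalStore;
import flash.events.Event;
import flash.events.IOErrorEvent;
import flash.net.URLLoader;
import flash.net.URLRequest;
import flash.net.URLRequestHeader;
import flash.utils.ByteArray;

const TOKEN_KEY:String = "loginToken";
const API_BASE:String = "https://api.example.com";  // HTTPS only (assumed host)

// 1. Keep the token in EncryptedLocalStore (backed by DPAPI on Windows and
//    the Keychain on macOS) instead of a plaintext file on disk.
function saveToken(token:String):void {
    var bytes:ByteArray = new ByteArray();
    bytes.writeUTFBytes(token);
    EncryptedLocalStore.setItem(TOKEN_KEY, bytes);
}

function loadToken():String {
    var bytes:ByteArray = EncryptedLocalStore.getItem(TOKEN_KEY);
    return bytes == null ? null : bytes.readUTFBytes(bytes.length);
}

// 2./3. At startup, if a token is already saved, check it against the API
//    over HTTPS and open the main window without a click on "login".
function startup(showMain:Function, showLogin:Function):void {
    var token:String = loadToken();
    if (token == null) { showLogin(); return; }
    var req:URLRequest = new URLRequest(API_BASE + "/session");  // assumed endpoint
    req.requestHeaders.push(new URLRequestHeader("X-Login-Token", token));  // assumed header
    var loader:URLLoader = new URLLoader();
    loader.addEventListener(Event.COMPLETE, function(e:Event):void { showMain(); });
    loader.addEventListener(IOErrorEvent.IO_ERROR, function(e:IOErrorEvent):void {
        EncryptedLocalStore.removeItem(TOKEN_KEY);  // expired or revoked token: forget it
        showLogin();
    });
    loader.load(req);
}
```

With silent auto-login the stored token becomes the user's credential, so the server side should give it an expiry and a way to revoke it, and the client should drop it on a rejected check as shown.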