Skip to Content.
Sympa Menu - Re: [] Kerberos based authentication for SIP

Subject: SIP in higher education

List archive

Re: [] Kerberos based authentication for SIP

Chronological Thread 
  • From: Deke Kassabian <>
  • To:
  • Cc: , Prashant Kumar <>, , Shumon Huque <>, Mark Sirota <>
  • Subject: Re: [] Kerberos based authentication for SIP
  • Date: Sat, 01 Apr 2006 08:11:37 -0500

--On Friday, March 31, 2006 5:14 PM -0500 Alan Crosswell <> wrote:
What about the fact that most handsets have very weak security? Do
you really want your handset to store your cleartext password (so it
can do the kerberos authn with it) or would you rather use your
kerberos stuff for a provisioning web application that gives out a
phone-specific password?

Hi Alan,

Yes, I agree that authentication for/using handsets still seems to have a serious set of challenges.

Kerb AuthN for a provisioning app certainly seems like a good idea. Maybe a standalone app, since native kerberos for web apps is still something of a challenge, too. At Penn, we have a web-based VoIP service provisioning app that we developed and that uses Kerberos for back-end password verification (but doesn't use Kerberos natively).

But also kerberized SIP soft clients on laptops would be a VERY handy thing for organizations like Penn that are heavy users of Kerberos.


Duane wrote:
Candace Holman wrote:

Others in this group can comment better on a whether there is a big
campus-centric interest in using Kerberos just for authenticating
the client.

The admin asking me about kerberos for authentication has about
30,000 handsets and wants to authenticate them against kerberos
(existing campus infrastructure)...

Deke Kassabian, Senior Technology Director
Information Systems and Computing, University of Pennsylvania

Attachment: pgpWYuKisu2sg.pgp
Description: PGP signature

Archive powered by MHonArc 2.6.16.

Top of Page