SIP in higher education

[Deke Kassabian <>]

--On Friday, March 31, 2006 5:14 PM -0500 Alan Crosswell 
<> wrote:
> What about the fact that most handsets have very weak security?  Do
> you really want your handset to store your cleartext password (so it
> can do the kerberos authn with it) or would you rather use your
> kerberos stuff for a provisioning web application that gives out a
> phone-specific password?

Hi Alan,

Yes, I agree that authentication for/using handsets still seems to 
have a serious set of challenges.

Kerb AuthN for a provisioning app certainly seems like a good idea. 
Maybe a standalone app, since native kerberos for web apps is still 
something of a challenge, too.  At Penn, we have a web-based VoIP 
service provisioning app that we developed and that uses Kerberos for 
back-end password verification (but doesn't use Kerberos natively).

But also kerberized SIP soft clients on laptops would be a VERY handy 
thing for organizations like Penn that are heavy users of Kerberos.

^Deke


> Duane wrote:
> > Candace Holman wrote:
> >
> > > Others in this group can comment better on a whether there is a big
> > > campus-centric interest in using Kerberos just for authenticating
> > > the client.
> >
> > The admin asking me about kerberos for authentication has about
> > 30,000 handsets and wants to authenticate them against kerberos
> > (existing campus infrastructure)...

-------
Deke Kassabian,  Senior Technology Director
Information Systems and Computing, University of Pennsylvania

Attachment: pgpWYuKisu2sg.pgp
Description: PGP signature