"Sharad Desai" writes:

> Also, (I'm not sure how familiar people are with Cosign) since Cosign
> transforms Kerberos authentication to a cookie-based authentication
> which the browsers can use, I was wondering if you have had any
> experience with this.

Given your platform constraints and desire to avoid Active Directory, I
think Cosign is definitely your best option. However, I believe that you
will need a UNIX server to run the Cosign login daemon, even though you
can use IIS for specific web applications. I could be wrong, since I
don't run it myself, but you should check on that if that will be a

Russ Allbery (rra@stanford.edu)