polilop
I have been trying to implement authentication of AD users with Kerberos
in my web app.
I have set up my realm, KDC, krb5.conf and all the necessary JAAS options as
follows:
credsType: initiator
debug:true
useDefaultCcache: true
And run the piece of code listed below, but I get authenticated with the
user on the local machine. I realized that I get authenticated with the user
for which I make the ticket with kinit. What I cannot find answers for is:
1. For the HTTP authentication, do I have to do some kind of negotiation
through the response (e.g. rsp.setHeader("WWW-Authenticate", "Negotiate")) or
does JAAS do this for me?
2. Is the user which now gets authenticated (the local one) the user needed to
talk to my DC and authenticate the remote user over HTTP? (I also read that I
have to make a keytab file and map a Kerberos service principal name.)
I have tried many things from the web but haven't found where the negotiation
between my servlet and the remote user takes place (I also set up my IE security):
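import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

try {
    // "searchkrb5" is the entry name in the JAAS login configuration
    LoginContext context = new LoginContext("searchkrb5");
    context.login();
    // Only reached when login() succeeded, so the Subject is populated
    Subject subject = context.getSubject();
    System.out.println(subject.toString());
    // TestJob is defined elsewhere (not shown in the post)
    Subject.doAs(subject, new TestJob());
} catch (LoginException e) {
    System.err.println("Login failed");
    System.out.println(e.getLocalizedMessage());
    e.printStackTrace();
}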
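
An added example, not part of the original post: the server side of the Negotiate exchange the two questions refer to, written against the JDK's GSS-API. The JAAS login only obtains Kerberos credentials for one principal; the servlet itself has to send the 401 with WWW-Authenticate: Negotiate and validate the token the browser sends back. SpnegoAcceptor and remoteUser are hypothetical names, and the service Subject is assumed to come from a JAAS login of the web application's service principal backed by a keytab, not from the default credential cache filled by kinit.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

// Hypothetical helper (added example, names are not from the post).
public final class SpnegoAcceptor {
    private static final String SCHEME = "Negotiate ";

    /**
     * @param authorization value of the request's Authorization header, may be null
     * @param service       Subject of the service principal (assumed keytab-based JAAS login)
     * @return the remote user's Kerberos principal, or null when the caller must
     *         reply 401 with the header "WWW-Authenticate: Negotiate"
     */
    public static String remoteUser(String authorization, Subject service) throws Exception {
        if (authorization == null || !authorization.startsWith(SCHEME)) {
            return null; // no token yet: challenge the browser
        }
        final byte[] token;
        try {
            token = Base64.getDecoder().decode(authorization.substring(SCHEME.length()).trim());
        } catch (IllegalArgumentException e) {
            return null; // malformed base64 is treated as unauthenticated
        }
        // Run as the service so GSS-API can find the acceptor key in its Subject.
        return Subject.doAs(service, (PrivilegedExceptionAction<String>) () -> {
            GSSManager manager = GSSManager.getInstance();
            Oid spnego = new Oid("1.3.6.1.5.5.2"); // SPNEGO mechanism OID
            GSSCredential cred = manager.createCredential(
                    null, GSSCredential.INDEFINITE_LIFETIME, spnego, GSSCredential.ACCEPT_ONLY);
            GSSContext ctx = manager.createContext(cred);
            try {
                ctx.acceptSecContext(token, 0, token.length);
                // Multi-leg exchanges are not handled here: report as unauthenticated.
                return ctx.isEstablished() ? ctx.getSrcName().toString() : null;
            } finally {
                ctx.dispose();
                cred.dispose();
            }
        });
    }
}
```

A servlet or filter would call remoteUser(req.getHeader("Authorization"), serviceSubject) and, on a null result, set status 401 and the WWW-Authenticate: Negotiate header before returning.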