On 2/19/07, Enrique Rodriguez <[EMAIL PROTECTED]> wrote:
Hi, Directory developers,
Hi,
As part of documenting practical uses of Apache Directory for Kerberos authentication, I got Kerberos authentication to a Wicket web app working. This uses the "SPNEGO+GSS-API+Kerberos V5" scheme popularized by IE and now well-supported in Firefox. I used the jGSS code in JDK 1.5, so this was a pretty quick 80-lines of code to glue Negotiate processing to Wicket. The "three-headed" Kerberos setup I tested was (1) Firefox 2 and IE 7 (2) Wicket app (3) and Apache Directory.
This is great! Especially as we already are using Wicket in Triplesec and want to use it more.
I wanted to check where the best home for this code is. I followed the layout of the "signin" and "signin2" apps in Wicket Examples, so one possibility is a contribution to Wicket. But, 90% of the difficulty is in the configuration of Kerberos, so I think it makes the most sense to maintain at Directory. The code is commented and ready to commit. I would do a Confluence page to detail, from scratch, how to set this up. Any objections to my committing this to Directory? Would it be a module in trunk or something I put in my sandbox, maybe until you get to review a TBD Confluence page?
We are generally putting such stuff at DIRxSBOX space so that we can review or not publish until it's mature (well I do not say all the content in other spaces are mature). Stefan has such an effort here for example: http://cwiki.apache.org/confluence/display/DIRxSBOX/Embedding+ApacheDS+as+a+Web+Application And for the package structure, I think it can be in an 'examples.wicket' package in Kerberos code. Stefan may have more ideas here as he's already doing some similar stuff these days. Thanks!
Enrique
-- Ersin
