Enrique, On 2/18/07, Enrique Rodriguez <[EMAIL PROTECTED]> wrote:
Hi, Directory developers, As part of documenting practical uses of Apache Directory for Kerberos authentication, I got Kerberos authentication to a Wicket web app working. This uses the "SPNEGO+GSS-API+Kerberos V5" scheme popularized by IE and now well-supported in Firefox. I used the jGSS code in JDK 1.5, so this was a pretty quick 80-lines of code to glue Negotiate processing to Wicket. The "three-headed" Kerberos setup I tested was (1) Firefox 2 and IE 7 (2) Wicket app (3) and Apache Directory.
That sounds neat. I'm sure this will come in handy when we build a UI for the server and need to authenticate users. I wanted to check where the best home for this code is. I followed
the layout of the "signin" and "signin2" apps in Wicket Examples, so one possibility is a contribution to Wicket. But, 90% of the difficulty is in the configuration of Kerberos, so I think it makes the most sense to maintain at Directory. The code is commented and ready to commit. I would do a Confluence page to detail, from scratch, how to set this up.
Great! Documentation would be good. This sounds like a perfect candidate for the clients project under the kerberos module in it. I don't think we have added much if anything to this module. Here's the SVN url for the base: http://svn.apache.org/viewvc/directory/clients/trunk/kerberos/ Any objections to my committing this to Directory? None, so long as there is some documentation to accompany the sources committed. Thanks, Alex
