On 6/9/07, Emmanuel Lecharny <[EMAIL PROTECTED]> wrote:
Enrique Rodriguez a écrit :
> Firefox used to send a "GSSAPI/Kerberos v5 OID" and at some point in
> the last 6 months it started sending a "SPNEGO OID." The problem is
> that Java 1.5 only supports "GSSAPI/Kerberos v5" and so you get an
> exception from jGSS when the SPNEGO OID shows up. However, with Java
> 1.6 "SPNEGO" is handled properly. This causes a compatibility issue
> for us since as a project we are on 1.5 hence the commit to my
> sandbox. I'm still trying to determine whether there is a way to
> configure which OID (mechanism) Firefox uses in the response.
from what I have seen on web lately, I'm not sure. May be by browsing FF
code source ?
Yeah, I started poking around with lxr and bonsai and I asked a
Mozilla colleague to help when he gets a chance.
...
Ok. Just a question, not sure is it relevant : if we have our own SPNEGO
codec, would it help ? (because we have this codec somewhere, but sandboxed)
I'm afraid that in addition to any codecs there is always protocol
workflow and so this would turn into a sizable undertaking.
...
Np, this is just a demo/test apps. As soon as it works ... I bet we
would like to create a more serious demonstrator some time, but I don't
know how we can set it up on directory.a.o.
I updated the doco, as with the GSSAPI doc, to have more details and
to use config for ApacheDS 1.5.1. Also, there is a Start class that
you should be able to run in Eclipse as a Java application and have it
start an embedded Jetty server and bind to 8080. I think that is the
easiest way to get this example running and skip the WAR deployment.
This is why the POM has the Jetty/Tomcat/nlog4j setup the way it is.
I recommend trying it in Eclipse first. Don't forget to configure the
JRE to be 1.6 for this specific Eclipse project. I couldn't figure
out how to get the mvn eclipse plugin to set this automatically and,
trust me, I tried.
Enrique
