Thanks for the quick response. It seems I can't use these two protocols at the moment then.
So let me describe my situation and maybe someone will give me some hint. I have a service A that will launch a bunch of jobs for its client. The jobs will interact with a Kerberos secured service B. I was thinking about deploying a service principal for A onto the host where A is running and have it impersonate its clients using S4U2Proxy and S4U2Self protocols. Since S4U2Proxy and S4U2Self is not yet working on ApacheDS, then the other option I can think of is to deploy a key for each client of A onto the host where A is running. So A will request Kerberos ticket for its client and use the ticket to access service B. The trouble is that everytime I add a new client for A, I have to add a key entry into the keytab, which is a pain. Does anyone knows better way to do it? Regards, james From: Marc Boorshtein [mailto:[email protected]] Sent: Monday, May 13, 2013 3:23 PM To: Apache Directory Developers List Subject: Re: S4U2Proxy and S4U2Self on ApacheDS I think that might have been me. While I was able to generate the tickets, they were never accepted by IIS (when ISA tickets were) so I gave up. But I was more focussed on the client APIs, not in having ApacheDS being a KDC. Thanks Marc On Mon, May 13, 2013 at 6:06 PM, Wu, James C. <[email protected]<mailto:[email protected]>> wrote: Hi, Does anyone know if ApacheDS support this two protocols? In 2010, someone mentioned about trying to implement these protocols. Are the work done? If so, how can I test them? Regards, James
