Perhaps the following links could help:
Single Sign-on for Your Web Applications with Apache and Kerberos http://www.onlamp.com/pub/a/onlamp/2003/09/11/kerberos.html
There is also another one at the same site which could be of use:
Adventures with Kerberos, CVS, and GSS-API http://www.linuxdevcenter.com/pub/a/linux/2003/05/22/cvs_gssapi.html
Richard Gundersen wrote:
Hi
Sorry if this is the wrong place to ask this question - I'm having trouble understanding how to use GSS-API to make my web applications secure via Kerberos
For example, if I'm using Tomcat as my app server, would there be a GSS-API module (something like mod_ssl for Apache??) that sits in front of all network traffic, and only allows traffic through once mutual authentication has taken place?
Or would I use GSS-API to securely pass the Subject class from the local machine to the server so that JAAS can execute the relevant actions on behalf of that user?
Or is it something completely different? I'm struggling here because of the complete lack of good documentation for GSS-API on the web. If someone could either tell me how far from the truth I am, and/or point me in the direction of some good GSS-API resources, I would be ETERNALLY grateful.
Thanks
Richard
_________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
--
Rikard Skjelsvik
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
