Richard Gundersen wrote:
Hi
I have written a Java web application which has a basic password login
screen. This works fine, but I would now like to allow users into my
system if they have previously authenticated against Active Directory.
I.e., if they can provide a valid Kerberos ticket, I'll let them
straight through. NB I do not maintain the instance of Active
Directory; it actually belongs to another organisation.
Could anyone suggest a good way for me to do this? I guess I need to
address the following:
1) How will AD pass its ticket to my system?
2) How will I verify the ticket? (GSS-API?)
3) I know MS have done some dodgy things to their tickets
(non-standard flags). Do I need to worry about them for this reason?
Oh, and just a side-note - one could sit down and WRITE a SPNEGO
authenticator, just no one has done it, yet.
Nix.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos