Hi, I am using jdk 1.7 on win 7 and jdk 1.6 on debian.
Regards, Miten. ________________________________ From: Booker Bense <[email protected]> To: miten mehta <[email protected]> Cc: "[email protected]" <[email protected]> Sent: Monday, October 8, 2012 7:44 PM Subject: Re: kerberos / spnego On Mon, Oct 8, 2012 at 5:21 AM, miten mehta <[email protected]> wrote: > Hi, > > I have attempted kerberos for SSO for web app using spring-security and have > doubts. would appreciate if one can take look at my post here and advise. > > http://forum.springsource.org/showthread.php?130775-spring-security-spnego-kerberos-sso&p=426585#post426585 > If the software is really capable of doing SPENGO, you should never need to enter your password into the web application. That's the whole point. Most browsers need some configuration tweaks to enable SPENGO, I think only Explorer will do it out of the box. If the web app has a valid keytab and support for SPENGO, it should never need to talk to the KDC. It looks like what is really happening is that the software is attempting to use some form of basic auth where it requests a username/password and uses kerberos to verify the password. The error message you are seeing suggests that the kerberos library it's using doesn't have proper support for PRE-AUTH ( old version of Java?) If you want support for kerberos in Java, you should be using at least 1.6. Most prior versions have very broken kerberos support. If you're willing to live with username/pw on the web application, then you'll likely have better luck using LDAP rather than kerberos. - Booker C. Bense ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
