Hi
I have written a Java web application which has a basic password login
screen. This works fine, but I would now like to allow users into my system
if they have previously authenticated against Active Directory. I.E. if they
can provide a valid kerberos ticket, I'll let them straight
Richard Gundersen wrote:
Hi
I have written a Java web application which has a basic password login
screen. This works fine, but I would now like to allow users into my
system if they have previously authenticated against Active Directory.
I.E. if they can provide a valid kerberos ticket,
Richard Gundersen wrote:
Hi
I have written a Java web application which has a basic password login
screen. This works fine, but I would now like to allow users into my
system if they have previously authenticated against Active Directory.
I.E. if they can provide a valid kerberos ticket,
Hi Nikola
Thanks for your quick and detailed reply. While it would be great if Tomcat
could interpret SPNEGO, I don't mind setting up Apache to sit in front of
Tomcat (in fact I was going to do this anyway for speeding up the static
content).
How would Apache send the details to Tomcat once
I *think* the problem is that Microsoft is returning a 200 OK message
but it has
additional authentication header fields attached to it. If they were
using the 401
code, that would be OK, but they are using 200 and adding the final
mutual-auth
GSSAPI tokens to it, which, I believe, is a
Hi
I downloaded MIT kerberos 5(krb5-1.4.1) ,did a
./configure, did make, make install, all successfully.
But make check is giving errors.
My system details:
It is an AMD machine with solaris ver 9.
declare -x HOSTTYPE=i386
declare -x LOGNAME=root
declare -x MACHTYPE=i386-pc-solaris2.9
declare
Buck Huppmann [EMAIL PROTECTED] writes:
gcc -c ${source} `${newly_installed_krb5}/bin/krb5-config --cflags`
...
gcc -o ${target} ${objects} \
`${newly_installed_krb5}/bin/krb5-config --libs`
? or (to possibly uncover a bone of contention) does krb5-config not
emit -R options?
Richard Gundersen wrote:
Hi Nikola
Thanks for your quick and detailed reply. While it would be great if
Tomcat could interpret SPNEGO, I don't mind setting up Apache to sit
in front of Tomcat (in fact I was going to do this anyway for speeding
up the static content).
Most people advocate
gcc -c ${source} `${newly_installed_krb5}/bin/krb5-config --cflags`
...
gcc -o ${target} ${objects} \
`${newly_installed_krb5}/bin/krb5-config --libs`
? or (to possibly uncover a bone of contention) does krb5-config not
emit -R options?
krb5-config can't not safely emit -R options
something that will eventually not work anyway. The funny thing is, if you
are going to store passwords on your Microsoft AD server acting as a KDC,
then what is the point of having a KDC in the first place...in terms of
Microsoft authentication? This is why I say that Microsoft uses Kerberos
Hm. I think we have a problem here. Certainly MIT's krb5-config emits
-R options (on the appropriate platform), and the autoconf glue that
I've written assumes that it does. I was under the impression that gcc
(at least on Solaris) passes -R options to ld unmolested (I just tested
that,
You might use a commercial java package from Vintela/Wedgetail which I think
is now part of Quest, which as far as I remember work with Tomcat.
Markus
Richard Gundersen [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi Nikola
Thanks for your quick and detailed reply. While it
Ken Hornstein [EMAIL PROTECTED] writes:
Presumably krb5-config won't output -R on platforms if the compiler
doesn't understand it, right? I'm just saying that I've never noticed
this to be a problem in practice (although judging by what I've seen in
people's krb5-config scripts, I appear to
13 matches
Mail list logo