[24373] in Kerberos

Active Directory --> Java web app

daemon@ATHENA.MIT.EDU (Richard Gundersen)
Mon Aug 1 08:40:36 2005

Message-ID: <BAY102-F224D17B159FE9B2995DE81DFC30@phx.gbl>
From: "Richard Gundersen" <richardgundersen@hotmail.com>
To: kerberos@mit.edu
Date: Mon, 01 Aug 2005 13:39:53 +0100
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Errors-To: kerberos-bounces@mit.edu

Hi

I have written a Java web application which has a basic password login 
screen. This works fine, but I would now like to allow users into my system 
if they have previously authenticated against Active Directory, i.e. if they 
can provide a valid Kerberos ticket, I'll let them straight through. NB I do 
not maintain the instance of Active Directory; it actually belongs to 
another organisation.

Could anyone suggest a good way for me to do this? I guess I need to address 
the following:

1) How will AD pass its ticket to my system?
2) How will I verify the ticket? (GSS-API?)
3) I know MS have done some dodgy things to their tickets (non-standard 
flags). Do I need to worry about them for this reason?

Thanks for your help. I know I'm being a bit vague but it's only because I'm 
not experienced with Kerberos. If you want me to clarify any requirements 
just shout.

Appreciate your help - thanks!

Richard


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
