[24375] in Kerberos


Re: Active Directory --> Java web app

daemon@ATHENA.MIT.EDU (Nikola Milutinovic)
Mon Aug 1 08:59:57 2005

Message-Id: <42EE1C40.4060904@ev.co.yu>
Date: Mon, 01 Aug 2005 14:57:36 +0200
From: Nikola Milutinovic <Nikola.Milutinovic@ev.co.yu>
Mime-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <BAY102-F224D17B159FE9B2995DE81DFC30@phx.gbl>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Richard Gundersen wrote:

> Hi
>
> I have written a Java web application which has a basic password login 
> screen. This works fine, but I would now like to allow users into my 
> system if they have previously authenticated against Active Directory. 
> I.E. if they can provide a valid Kerberos ticket, I'll let them 
> straight through. NB I do not maintain the instance of Active 
> Directory; it actually belongs to another organisation.
>
> Could anyone suggest a good way for me to do this? I guess I need to 
> address the following:
>
> 1) How will AD pass its ticket to my system?
> 2) How will I verify the ticket? (GSS-API?)
> 3) I know MS have done some dodgy things to their tickets 
> (non-standard flags). Do I need to worry about them for this reason?


Oh, and just a side-note - one could sit down and WRITE a SPNEGO 
authenticator, just no one has done it yet.

Nix.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
