Single sign-on with W2K, IE 6.1 and JGSS
Paul Sangster
paul.sangster at sun.com
Mon Sep 23 11:19:20 EDT 2002
Luke Howard wrote:
>>I have been trying to achieve single sign-on with IE 6.1 on Win2k systems.
>>Basically, trying to emulate IIS and IE kerberos auth exchange. In my case
>>the server happens to be Tomcat.
>>IIS and IE exchange GSSAPI token using SPNEGO mechanism. IIS sets HTTP
>>header "WWW-Authenticate:" to "Negotiate". IE responds with HTTP Header
>>"Authorization:" set to "Negotiate b64[gssapi-token]".
>>
>
> Does JGSS support SPNEGO? If not, and there is a Java ASN.1 parser, it
> shouldn't be too hard to add.
No I don't believe JGSS support SPNEGO (nor does Solaris's GSS).
>
>
>>Any ideas why this is happening? Also, is jgss implementation on Solaris
>>based on Sun GSSAPI C implementation? Is SSPI different from GSSAPI?
>>
>
> I don't know whether JGSS is based on the GSS-API C implementation. The
> latter is in turn based on the MIT code with fixed mech glue. SSPI has
> a different set of API bindings to GSS-API, however it emits compatible
> tokens and thus is wire-equivalent.
JGSS is a pure Java implementation so its not layered upon the existing C
implementation.
>
>
> -- Luke
>
> --
> Luke Howard | PADL Software Pty Ltd | www.padl.com
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list