SSO with Win2k KDC and WLS8.1 running on Solaris
Jens Bo Friis
jbf at it-practice.dk
Wed May 12 21:02:22 EDT 2004
Hello Claude,
Claude> I want to build a SSO between Windows 2000 and my J2EE application. My Java
Claude> clients connect to WLS 8.1 running on Solaris.
Claude> I would like to use the Windows 2000 KDC and I have no KDC on UNIX.
Claude> 1) Is it correct to implement this using JAAS and the GSS-API?
First, there has been a lot of discussion on the subject on
http://forum.java.sun.com, the Security Applications, APIs, and Issues
forum.
Some have come up with a client-server JAAS solutions, moving the
authenticated user from client side to server side, without using
kerberos. Some more secure than others...
but as an alternative, you might want to take a look at the SPNEGO
protocol (Kerberos). Search the web for SPNEGO and JAVA
/Bo
http://appliedcrypto.com
More information about the Kerberos
mailing list