Kerberos user management & J2EE question

Chris tandaina at
Thu Nov 18 14:43:24 EST 2004

  I've done some searching of the group and havn't really found
anything that relates to my question so here goes.

  Does anyone know if there is an existing set of Java libraries for
managing Kerberos users?  I'll outline my problem:

We are creating a client/server application. The client is written in
Java, the server is J2EE.  We've got the client authentication working
great with Kerberos and successfully passing tickets to the J2EE
server, etc.  All is happy there.

The issue is that we need the java server application to be able to
create new Kerberos principals and also change passwords.  Our users
use a remote adming tool to connect to the server and create new users
for the client application.  When they do this our server needs to
create a new kerberos user.

We can have the server run a command line kadmin command to accomplish
this but that isn't really how we want to do things since our Kerberos
machine and server are seperated and there are security concerns with
this solution.

So instead we'd like to be able to sort of recreate what kadmin does
behind the scenes.  We'd also prefer NOT to reinvent the wheel.  So
far I've had no luck finding information on doing this, all the
Kerberos protocol information I've found deals with authentication of
users, not with managing users.

Could anyone point me in the right direction?


More information about the Kerberos mailing list