Active Directory --> Java web app

Richard Gundersen richardgundersen at hotmail.com
Mon Aug 1 08:39:53 EDT 2005


Hi

I have written a Java web application which has a basic password login 
screen. This works fine, but I would now like to allow users into my system 
if they have previously authenticated against Active Directory. I.e. if they 
can provide a valid Kerberos ticket, I'll let them straight through. NB I do 
not maintain the instance of Active Directory; it actually belongs to 
another organisation.

Could anyone suggest a good way for me to do this? I guess I need to address 
the following:

1) How will AD pass its ticket to my system?
2) How will I verify the ticket? (GSS-API?)
3) I know MS have done some dodgy things to their tickets (non-standard 
flags). Do I need to worry about them for this reason?

Thanks for your help. I know I'm being a bit vague but it's only because I'm 
not experienced with Kerberos. If you want me to clarify any requirements 
just shout.

Appreciate your help - thanks!

Richard



