Extract Information from Ticket.
Michael B Allen
mba2000 at ioplex.com
Fri Mar 2 12:03:58 EST 2007
On Fri, 2 Mar 2007 13:58:40 +0200
"Bruce Stewart" <BruceS at nsfas.org.za> wrote:
> Hi,
>
> > Does anybody know how I can extract Principal and other Information from that Ticket in Java?
Are you sure mod_auth_kerb doesn't put the principal name somewhere
(e.g. REMOTE_USER)?
Otherwise you have to base64 decode that blob and use ASN.1 decoding to
find the principal you're interested in.
But it would probably be easier to just do authentication yourself and
ditch the Apache module
> You can do it using the jcifs AND the jcifs-ext library - look at the spnego classes and http negotiation filter etc..
Actually only with jcifs-ext and that package is horribly out of date. The
stock jcifs distribution only supports NTLM SSO (but that actually works
quite well assuming you don't need delegation).
Java 1.6 JGSS supposedly supports SPNEGO. I haven't tried it but
all you should have to do is base64 decode that blob feed it to
GSSContext.acceptSecContext().
Mike
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
More information about the Kerberos
mailing list