Extract Information from Ticket.
Bruce Stewart
BruceS at nsfas.org.za
Mon Mar 5 03:18:15 EST 2007
Hi Michael,
> Actually only with jcifs-ext and that package is horribly out
> of date.
Agreed that it is horribly out of date ;-). I mentioned "jcifs and jcifs-ext" because jcifs-ext depends on jcifs, and jcifs therefore needs to be included.
> The
> stock jcifs distribution only supports NTLM SSO (but that
> actually works
> quite well assuming you don't need delegation).
FWIW...the spnego classes accept NTLM aswell as Kerberos tokens - which was a problem for us - we only wanted Kerberos tokens (because we wanted delegation). I created our own bare bones version of the jcifs.spnego.Authentication class - removed the jcifs dependencies (i.e. NTLM code), "client" code and reflection based GSS-API code. Instead of returning a Principal with authentication.getPrincipal(), we return a javax.security.auth.Subject (which contains the KerberosPrincipal and KerberosTicket) with getSubject(). That allows us to use Subject.doAs(subject, ...) etc.
Using the jcifs-ext code as a guide it was pretty easy for us to create exactly what we needed.
Cheers,
Bruce
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.7/710 - Release Date: 04/03/2007 13:58
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify NSFAS immediately. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the organisation.
More information about the Kerberos
mailing list