regarding kerberos for different plateforms

Fred Dushin fred at dushin.net
Mon Sep 17 07:11:03 EDT 2007 

There are specification that allow you to integrate Kerberos with  
standards-based communications protocols.  For example, the OMG  
SECIOP specification is an extension to IIOP, which allows you to  
negotiate a secure IIOP channel between CORBA endpoints.

I know of only one vendor (Adiron) that supports this specification,  
and it is Java-only.

Another potential specification is the WS-SecureConversation  
specification, which is now being ratified by Oasis.  I do not know  
if any vendors support full Kerberos integration.  Microsoft may, but  
it's generally going to be a WCF-only kind of thing, and you're tied  
down to SOAP, for that.

Anyone know of any others?

Not sure if this is of any help to you.  If you're locked into using  
a communications protocol that does not support integration with the  
GSS-API, you may need to do your session negotiation "out of band".   
It's messy, but sometimes that's your only option.

Does anyone know if there has been any work to hook the GSS-API into  
the SSL handshake?  SSL seems fairly public-key oriented, but maybe  
there's an avenue there?

Or, perhaps a tunnel through SSH?  I've never used kerberos and ssh  
before.  Maybe someone here has.  (Has obvious limitations, e.g., if  
you have a lot of ports you need to tunnel, and if any of them carry  
references to other ports, so it would probably only work in the  
simplest scenarios)

-Fred

On Sep 17, 2007, at 4:38 AM, sharda saiwan wrote:

> Hello all,
>
> I have an application, in which client is running in C++ and server is
> running in java plateform.
>
> Now I want to make the peers authenticated and the communication  
> channels
> encrypted using Kerberos.
>
> Is it possible?
>
> Although Kerberos authentication mechanismis available in C++ as  
> well as in
> Java (e.g. GSS-API), BUT the problem is that there is a seperate  
> set of send
> and receive commands for sending and receiving security context for  
> C++ and
> Java. So I can not send the security context or credentials from one
> plateform (say C++) and receive it on another plateform (say Java).
>
> So, the question is, how to integrate Kerberos between c++ and Java?
>
> Is it possible or not?
> Is there any other method to solve the same?
>
> Please Help!!!!!!!!!!!!!
>
> regards
> --sharda
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>

More information about the Kerberos mailing list