using kerberos to authenticate for a web api

Chris Hecker checker at
Tue Nov 5 02:22:40 EST 2013

I use kerberos for my authn system, including direct krb5 calls from my 
game, CoSign for webpage SSO, etc.  At some point, I'd like to make the 
metrics from my game available in a web API, and I'd like to 
authenticate these API users with the same kerberos system.  What's the 
best way to do this?  Most APIs are authenticated with OAuth these days, 
but I don't see any turnkey hookup for Kerberos and OAuth.  I found this 
old thing:

There's mod_auth_kerb, but it hasn't been updated in a long time (maybe 
it just works?), and it would require me to have API clients deal with 

Any advice here?


More information about the Kerberos mailing list