harvey.kravis at sungardbsr.com
Tue Jul 8 17:50:07 EDT 2003
I have several related questions:
1) I have a client/server database application and would like to
authenticate w/Kerberos independently of the database. In other words, I
just want to authenticate with Kerberos and will handle database
authentication separately. The question I have is this: is getting a TGT
through my application sufficient authentication? Or do I also need to have
a homegrown server app grant me a regular ticket? It seems to me that a TGT
is sufficient because it is username/password based, my users have to enter
a username and password each time they log in, and I'd like to avoid the
complexity of the socket thing and granting regular tickets. Each Kerberos
user relates to a corresponding database user. All of the database users
will have the same password known only to my program.
2) If I want to provide single sign-on in the future, is there a way to
programmatically determine which Kerberos user the current TGT is for under
the above scenario? I need to know which database user to log in with in
3) Is there good sample code out there that anyone can recommend? I have
the "Kerberos, A Network Authentication System" book by Brian Tung, but I'm
looking for something better.
4) What's a good source of information for doing this kind of authentication
(Kerberos independent of the database) in a web (.NET) application?
Any help would be appreciated!
SunGard BSR Inc.