LDAP, MIT Kerberos and SPNEGO

Arpit Srivastava arpit.orb at gmail.com
Thu Oct 3 08:14:18 EDT 2013


I have a Java LDAP client and my AD-based LDAP server supports GSS-SPNEGO
mechanism for bind requests. I am trying to bind to LDAP server using
SPNEGO, and using MIT Kerberos (I have built the 1.11.3 version) library
for Kerberos GSS API implementation. However, I have following queries:

1. Does MIT Kerberos library support GSS-SPNEGO ?
(because I am getting libc error from Kerberos library if I set oid for
GSS-SPENGO, in org.ietf.jgss createContext() method, however, if set the
same for Kerberos, it just works fine.)

2. As in HTTP Negotitate authentication, we attach 'Negotiate AuthToken'
 in Authentication header in HTTP GET requests, what should be the
procedure for LDAP bind requests for SPNEGO (which should resolve to
Kerberos) which go as TCP packets ?


More information about the krbdev mailing list