SSO Application needs username from GSSName (or GSSAPI)
Simo Sorce
simo at redhat.com
Fri Aug 1 13:47:52 EDT 2014
On Fri, 2014-08-01 at 00:02 -0700, amit wrote:
> Hi,
>
> I am trying to use kerberos authentication using GSS-API in java.
> We have following two methods to getGSSName once we get the TGT form KDC.
>
> 1. GSSCredential cred =
> manager.createCredential(GSSCredential.INITIATE_ONLY);
> 2. GSSName gssName = cred.getName();
>
> The format of GSSName is <USERNAME>@<REALM_NAME>
>
> As my application is using SSO, it does not have username and need to get it
> from above mentioned GSSName.
> We can have username including '@' character so simple cropping of string on
> the basis of first existence of '@' character won't work as username can
> have '@'.
>
> So, the other way remains is to crop GSSName with the last existence of '@'
> character in a string (if realm_name can not have '@' char).
>
> Could anyone please help me in clarifying if we can have '@' character in
> realm_name or not?
> If realm_name can have '@' character, is there any other way to get USERNAME
> from some GSSAPI?
Does your implementation support gss_localname() ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list