Implementing a KDB plugin
Rick van Rein
rick at openfortress.nl
Fri May 6 04:34:30 EDT 2016
> I have a use case where I need to authenticate Kerberos principals against
> a RESTful Cloud service. This service can talk to an Active Directory(AD)
> which maintains the users passwords. On the client side we have a Linux
> based VM which runs the MIT Kerberos server. It has also Samba running.
Please note that I am drafting an integration method for Kerberos +
into TLS, known als TLS-KDH. I think most questionable parts are gone
and we are implementing this for a client and server side. This work is
for delivery on July 1st.
What you seem to want (KRB --> REST --> KRB if I understand correctly) would
easily run into timeouts of Kerberos clients which may be as low as 1 second
and are not generally user-tunable. I bet you said HTTP and meant HTTPS,
which would aggravate the chances of a timeout.
More information about the krbdev