Implementing a KDB plugin

Rick van Rein rick at
Fri May 6 04:34:30 EDT 2016

Hello Harsh,

> I have a use case where I need to authenticate Kerberos principals against
> a RESTful Cloud service. This service can talk to an Active Directory(AD)
> which maintains the users passwords. On the client side we have a Linux
> based VM which runs the MIT Kerberos server. It has also Samba running.
Please note that I am drafting an integration method for Kerberos +
into TLS, known als TLS-KDH.  I think most questionable parts are gone
and we are implementing this for a client and server side.  This work is
for delivery on July 1st.

What you seem to want (KRB --> REST --> KRB if I understand correctly) would
easily run into timeouts of Kerberos clients which may be as low as 1 second
and are not generally user-tunable.  I bet you said HTTP and meant HTTPS,
which would aggravate the chances of a timeout.


More information about the krbdev mailing list