Implementing a KDB plugin
Rick van Rein
rick at openfortress.nl
Fri May 6 04:34:30 EDT 2016
Hello Harsh,
> I have a use case where I need to authenticate Kerberos principals against
> a RESTful Cloud service. This service can talk to an Active Directory (AD)
> which maintains the users' passwords. On the client side we have a Linux
> based VM which runs the MIT Kerberos server. It has also Samba running.
>
Please note that I am drafting an integration method for Kerberos +
Diffie-Hellman into TLS, known as TLS-KDH. I think most questionable parts
are gone nowadays, and we are implementing this for a client and server side.
This work is scheduled for delivery on July 1st.
http://tls-kdh.arpa2.net
https://tools.ietf.org/html/draft-vanrein-tls-kdh
What you seem to want (KRB --> REST --> KRB if I understand correctly) would
easily run into timeouts of Kerberos clients which may be as low as 1 second
and are not generally user-tunable. I bet you said HTTP and meant HTTPS,
which would aggravate the chances of a timeout.
-Rick