Kerberos/Android

[Derek Atkins]

Hi,

Benjamin Kaduk <kaduk at mit.edu> writes:

> On Tue, May 09, 2017 at 02:19:04PM +0200, Rick van Rein wrote:
>> Hey,
>> 
>> > Our dev team is currently trying to kerberize some client software running
>> > on an Android phone (client side, the server runs on CentOS).
>> 
>> Interesting, would you care to tell some more?  Open or closed software?
>> 
>> > So can someone on this list give us advice ?
>> 
>> Any such advice could not exceed the accuracy of your "grabbed stuff
>> on GitHub"
>> reference I fear :)
>
> I can offer slightly better, namely that when I was on staff at MIT,
> we hired a contractor to port MIT krb5 to android, which resulted in
> https://github.com/cconlon/kerberos-java-gssapi and
> https://github.com/cconlon/kerberos-android-ndk .  I didn't get a
> chance to try them out and review them, myself, but it is somewhat
> more reputable than "random stuff on github" would otherwise need to
> be considered.  I do know of a couple of projects of varying
> seriousness that built off of those.

Just to add a bit to this... in my previous job we took this code and
incorporated it into some Android products.  I do believe we had to make
some additional changes, but it's been ~3-4 years so the memory is a
little fuzzy.  At the time we were using it in our own products and not
providing it as an SDK.  IIRC we hooked into Chromium and added HTTP
GSSAPI authentication.

I haven't looked at it in over 3 years so I don't have any more recent
information.

> -Ben

-derek
-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant