kerberos/spnego authentication without keytab file

rutuja patil
Greenhorn

Joined: Dec 17, 2009
Posts: 23
With Spring, can we use Kerberos/SPNEGO authentication in an application without a keytab file?

Thanks.
Anil Vupputuri
Ranch Hand

Joined: Oct 31, 2000
Posts: 527
rutuja patil wrote: With Spring, can we use Kerberos/SPNEGO authentication in an application without a keytab file?

Thanks.


No, a keytab file is essential to establish the trust relationship. URL for some reading on Kerberos with Spring.


SCJP 1.5, SCEA, ICED (287,484,486)
rutuja patil
Greenhorn

Joined: Dec 17, 2009
Posts: 23
Thanks!
Pat Gonzalez
Greenhorn

Joined: Oct 18, 2009
Posts: 19

It is true that Spring's spnego auth can only be used with a keytab.

However, to be more precise, a keytab is NOT essential nor required for Kerberos authentication.

It seems that according to the spec, shared secrets are handled at the protocol level (http://tools.ietf.org/html/rfc4120).

For example, the KDC necessarily knows the password for both the client and the server.

Hence, the shared secret problem is solved.

Here's an open source project that enables single sign-on for Java web apps that does not require a keytab:

http://spnego.sourceforge.net
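
As an added illustration of the last reply (not code from the thread, from Spring, or from the linked project): with the JDK's `Krb5LoginModule`, a service account can obtain its long-term key either from a keytab or by deriving it from the account password. The class name `ServiceLogin`, the entry name `service`, and the command-line arguments are assumptions; running it requires a reachable KDC and a krb5 configuration.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class ServiceLogin {
    // In-memory JAAS entry for the service account (hypothetical helper).
    // keytabPath == null: the key is derived from a password given by the CallbackHandler.
    static Configuration config(String principal, String keytabPath) {
        Map<String, String> opts = new HashMap<>();
        opts.put("principal", principal);
        opts.put("storeKey", "true");          // keep the long-term key in the Subject
        if (keytabPath != null) {
            opts.put("useKeyTab", "true");
            opts.put("keyTab", keytabPath);
            opts.put("doNotPrompt", "true");   // never fall back to asking for a password
        } else {
            opts.put("useKeyTab", "false");    // password mode, no keytab file involved
        }
        AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    static Subject login(String principal, String keytabPath, char[] password) throws LoginException {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(principal);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("service", null, handler, config(principal, keytabPath));
        lc.login();                            // contacts the KDC named in the krb5 configuration
        return lc.getSubject();
    }

    // Usage: java ServiceLogin <principal> [keytab]   (run from an interactive console)
    public static void main(String[] args) throws LoginException {
        if (args.length < 1) { System.err.println("usage: ServiceLogin <principal> [keytab]"); return; }
        String keytab = args.length > 1 ? args[1] : null;
        char[] pw = keytab != null ? null : System.console().readPassword("Password for %s: ", args[0]);
        System.out.println("Logged in as " + login(args[0], keytab, pw).getPrincipals());
    }
}
```

In both modes the service holds a long-term secret for its account: a keytab contains keys derived from the password, so it needs the same protection as the password itself.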
