File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Java APIs for kerberos impersonation/constrained delegation

 
varun srivastv
Greenhorn
Posts: 16
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Is there any Java API available for kerberos impersonation/constrained delegation. Basically my requirement is as follows :

User(U) access a service (S1) which in turn accesses service (S2) impersonating the user (U). My service S1 is a Java based web application which want to access another kerberised service on behalf of user.
I want some Java API on Service S1 which can interact with KDC to obtain kerberos service ticket for S2 for the user U.

Which is the best way to achieve this?

Regards.
 
manto kumar
Greenhorn
Posts: 10
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Varun,
I am also working on a similar thing.
Can you please throw some light on the solution?
 
varun srivastv
Greenhorn
Posts: 16
  • 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Manto,

I could not find any open source Java API supporting constrained delegation. I am working to write a C library using GSS API for impersonation. Plan to write JNI wrapper to use it from java.
This would require implementing S4U protocols from Microsoft using GSS API. (http://msdn.microsoft.com/en-us/library/cc246071.aspx)
Link for GSS APIs to support this for MIT kerberos http://k5wiki.kerberos.org/wiki/Projects/Services4User


Regards
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic