File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Kerberos credential delegation Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Kerberos credential delegation" Watch "Kerberos credential delegation" New topic

Kerberos credential delegation

manto kumar

Joined: Jan 10, 2012
Posts: 10
I am currently trying to enable a spnego based SSO Application. As part of this I seek to get the delegated credentials.

How to verify that the credential I get after "GSSContext.acceptSecContext(gss, 0, gss.length);" is a delegated credential or not. "GSSContext.getCredDelegState()" is true.

My primary doubt is whether the server principal in the ticket should be "krbtgt/ABC.XYZ.COM@ABC.XYZ.COM" or should be the service "(HTTP/" for which the ticket was delegated?``

Please see image attached.

I am using a linux based Kerberos server and linux hosts for this.

Is there any reference to what the delegated ticket should be like?

[Thumbnail for DelegTkt.jpg]

I agree. Here's the link:
subject: Kerberos credential delegation
It's not a secret anymore!