Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Kerberos credential delegation

 
manto kumar
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am currently trying to enable a spnego based SSO Application. As part of this I seek to get the delegated credentials.

How to verify that the credential I get after "GSSContext.acceptSecContext(gss, 0, gss.length);" is a delegated credential or not. "GSSContext.getCredDelegState()" is true.

My primary doubt is whether the server principal in the ticket should be "krbtgt/ABC.XYZ.COM@ABC.XYZ.COM" or should be the service "(HTTP/host.ABC.XYZ.com)" for which the ticket was delegated?``

Please see image attached.

I am using a linux based Kerberos server and linux hosts for this.

Is there any reference to what the delegated ticket should be like?
DelegTkt.jpg
[Thumbnail for DelegTkt.jpg]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic