• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Java APIs for kerberos impersonation/constrained delegation

 
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Is there any Java API available for kerberos impersonation/constrained delegation. Basically my requirement is as follows :

User(U) access a service (S1) which in turn accesses service (S2) impersonating the user (U). My service S1 is a Java based web application which want to access another kerberised service on behalf of user.
I want some Java API on Service S1 which can interact with KDC to obtain kerberos service ticket for S2 for the user U.

Which is the best way to achieve this?

Regards.
 
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Varun,
I am also working on a similar thing.
Can you please throw some light on the solution?
 
varun srivastv
Greenhorn
Posts: 16
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Manto,

I could not find any open source Java API supporting constrained delegation. I am working to write a C library using GSS API for impersonation. Plan to write JNI wrapper to use it from java.
This would require implementing S4U protocols from Microsoft using GSS API. (http://msdn.microsoft.com/en-us/library/cc246071.aspx)
Link for GSS APIs to support this for MIT kerberos http://k5wiki.kerberos.org/wiki/Projects/Services4User


Regards
 
I hired a bunch of ninjas. The fridge is empty, but I can't find them to tell them the mission.
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic