Obtaining TGT transparently ---> Is it possible ? - Kerberos

This is a discussion on Obtaining TGT transparently ---> Is it possible ? - Kerberos ; Hi all, I have a question regarding obtaining TGT transparently on the application server. When I go for mutual authentication, I do require TGT on the application server side also. Now I am getting the TGT by using kinit on ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Obtaining TGT transparently ---> Is it possible ?

  1. Obtaining TGT transparently ---> Is it possible ?

    Hi all,

    I have a question regarding obtaining TGT transparently on the
    application server. When I go for mutual authentication, I do require
    TGT on the application server side also. Now I am getting the TGT by
    using kinit on the application server.

    My requirement is to get the TGT without manual intervention on server
    side. Could you please reply for my questions listed below ?

    1) Is it possible ?
    2) What are the issues involved here ? How to track the TGT expiration
    time on the application server side so as to get a new TGT etc..
    3) Any other implementation issues.

    Regards,
    Sandy.


  2. Re: Obtaining TGT transparently ---> Is it possible ?


    > Hi all,
    > I have a question regarding obtaining TGT transparently on the
    > application server. When I go for mutual authentication, I do require
    > TGT on the application server side also. Now I am getting the TGT by
    > using kinit on the application server.


    Why? This is not required for mutual authentication.

    --
    Richard Silverman
    res@qoxp.net


  3. Re: Obtaining TGT transparently ---> Is it possible ?

    Hi all,

    1) Can you please let me know whether my understanding of mutual
    authentication is correct ?

    2) Are there any scenarios where I require a TGT on applicatinn server
    also ?

    3) Is it possible to get the TGT transperently ? What are the issues
    invloved here ? How to get the TGT automatically before it expires on
    server side ?

    Regards,
    Sandy


  4. Re: Obtaining TGT transparently ---> Is it possible ?

    sandypossible@gmail.com wrote:
    > Hi all,
    >
    > 1) Can you please let me know whether my understanding of mutual
    > authentication is correct ?
    >
    > 2) Are there any scenarios where I require a TGT on applicatinn server
    > also ?
    >
    > 3) Is it possible to get the TGT transperently ? What are the issues
    > invloved here ? How to get the TGT automatically before it expires on
    > server side ?
    >
    > Regards,
    > Sandy


    Application Servers do not use TGTs for the purpose of authenticating
    their clients. For this they use keys stored in keytabs.

    The only time an Application Server would require a TGT or an initial
    service ticket is when the AppServer needs to initiate an authentication
    as a client to another service.


+ Reply to Thread