RE: Extract Information from Ticket. - Kerberos

This is a discussion on RE: Extract Information from Ticket. - Kerberos ; Hi, > Does anybody know how I can extract Principal and other Information from that Ticket in Java? You can do it using the jcifs AND the jcifs-ext library - look at the spnego classes and http negotiation filter etc.. ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: RE: Extract Information from Ticket.

  1. RE: Extract Information from Ticket.

    Hi,

    > Does anybody know how I can extract Principal and other Information from that Ticket in Java?


    You can do it using the jcifs AND the jcifs-ext library - look at the spnego classes and http negotiation filter etc..

    Cheers,
    Bruce

    --
    No virus found in this outgoing message.
    Checked by AVG Free Edition.
    Version: 7.5.446 / Virus Database: 268.18.5/707 - Release Date: 01/03/2007 14:43


    This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify NSFAS immediately. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the organisation.


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: Extract Information from Ticket.

    On Fri, 2 Mar 2007 13:58:40 +0200
    "Bruce Stewart" wrote:

    > Hi,
    >
    > > Does anybody know how I can extract Principal and other Information from that Ticket in Java?


    Are you sure mod_auth_kerb doesn't put the principal name somewhere
    (e.g. REMOTE_USER)?

    Otherwise you have to base64 decode that blob and use ASN.1 decoding to
    find the principal you're interested in.

    But it would probably be easier to just do authentication yourself and
    ditch the Apache module

    > You can do it using the jcifs AND the jcifs-ext library - look at the spnego classes and http negotiation filter etc..


    Actually only with jcifs-ext and that package is horribly out of date. The
    stock jcifs distribution only supports NTLM SSO (but that actually works
    quite well assuming you don't need delegation).

    Java 1.6 JGSS supposedly supports SPNEGO. I haven't tried it but
    all you should have to do is base64 decode that blob feed it to
    GSSContext.acceptSecContext().

    Mike

    --
    Michael B Allen
    PHP Active Directory SSO
    http://www.ioplex.com/
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread