RE: Extract Information from Ticket. - Kerberos

This is a discussion on RE: Extract Information from Ticket. - Kerberos ; Hi Michael, > Actually only with jcifs-ext and that package is horribly out > of date. Agreed that it is horribly out of date ;-). I mentioned "jcifs and jcifs-ext" because jcifs-ext depends on jcifs, and jcifs therefore needs to ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: RE: Extract Information from Ticket.

  1. RE: Extract Information from Ticket.

    Hi Michael,

    > Actually only with jcifs-ext and that package is horribly out
    > of date.


    Agreed that it is horribly out of date ;-). I mentioned "jcifs and jcifs-ext" because jcifs-ext depends on jcifs, and jcifs therefore needs to be included.

    > The
    > stock jcifs distribution only supports NTLM SSO (but that
    > actually works
    > quite well assuming you don't need delegation).


    FWIW...the spnego classes accept NTLM aswell as Kerberos tokens - which was a problem for us - we only wanted Kerberos tokens (because we wanted delegation). I created our own bare bones version of the jcifs.spnego.Authentication class - removed the jcifs dependencies (i.e. NTLM code), "client" code and reflection based GSS-API code. Instead of returning a Principal with authentication.getPrincipal(), we return a javax.security.auth.Subject (which contains the KerberosPrincipal and KerberosTicket) with getSubject(). That allows us to use Subject.doAs(subject, ...) etc.

    Using the jcifs-ext code as a guide it was pretty easy for us to create exactly what we needed.

    Cheers,
    Bruce

    --
    No virus found in this outgoing message.
    Checked by AVG Free Edition.
    Version: 7.5.446 / Virus Database: 268.18.7/710 - Release Date: 04/03/2007 13:58


    This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify NSFAS immediately. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the organisation.


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: Extract Information from Ticket.

    On Mon, 5 Mar 2007 10:18:15 +0200
    "Bruce Stewart" wrote:

    > > The
    > > stock jcifs distribution only supports NTLM SSO (but that
    > > actually works
    > > quite well assuming you don't need delegation).

    >
    > FWIW...the spnego classes accept NTLM aswell as Kerberos tokens - which was a problem for us - we only wanted Kerberos tokens (because we wanted delegation). I created our own bare bones version of the jcifs.spnego.Authentication class - removed the jcifs dependencies (i.e. NTLM code), "client" code and reflection based GSS-API code. Instead of returning a Principal with authentication.getPrincipal(), we return a javax.security.auth.Subject (which contains the KerberosPrincipal and KerberosTicket) with getSubject(). That allows us to use Subject.doAs(subject, ...) etc.
    >
    > Using the jcifs-ext code as a guide it was pretty easy for us to create exactly what we needed.


    Yes, the peculiararities of the jcifs-ext SPNEGO classes using reflextion
    has made it difficult for me to accept it into the stock distro. And
    thus jcifs-krb5 (which uses those classes) is a separate package.

    Mike

    --
    Michael B Allen
    PHP Active Directory SSO
    http://www.ioplex.com/
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread