Hi Michael,

> Actually only with jcifs-ext and that package is horribly out
> of date.

Agreed that it is horribly out of date ;-). I mentioned "jcifs and jcifs-ext" because jcifs-ext depends on jcifs, and jcifs therefore needs to be included.

> The
> stock jcifs distribution only supports NTLM SSO (but that
> actually works
> quite well assuming you don't need delegation).

FWIW...the spnego classes accept NTLM aswell as Kerberos tokens - which was a problem for us - we only wanted Kerberos tokens (because we wanted delegation). I created our own bare bones version of the jcifs.spnego.Authentication class - removed the jcifs dependencies (i.e. NTLM code), "client" code and reflection based GSS-API code. Instead of returning a Principal with authentication.getPrincipal(), we return a javax.security.auth.Subject (which contains the KerberosPrincipal and KerberosTicket) with getSubject(). That allows us to use Subject.doAs(subject, ...) etc.

Using the jcifs-ext code as a guide it was pretty easy for us to create exactly what we needed.

Cheers,
Bruce

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.7/710 - Release Date: 04/03/2007 13:58


This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify NSFAS immediately. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the organisation.


________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos