directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: [Kerberos] Kerberos + Wicket
Date Tue, 20 Feb 2007 06:15:58 GMT
A Kerberos client would be great to have.  Enrique and I often spoke about
having such a client to not have to deal with the ugliness of the the
various KRB5 login modules supported by JVM vendors.

It would clean up much of the nasty code in Tsec/ADS and would make it
easier to manage the configuration of Tsec/ADS itself.

Alex

On 2/19/07, David Jencks <david_jencks@yahoo.com> wrote:
>
>
> On Feb 18, 2007, at 6:30 PM, Enrique Rodriguez wrote:
>
> > On 2/18/07, David Jencks <david_jencks@yahoo.com> wrote:
> >> ...
> >> On a conceivably related note, triplesec has some nasty code to try
> >> to find a sun or ibm kerberos LoginModule.... do you have one or know
> >> how to write one?  I think having our own would be pretty handy.
> >
> > Wait ... can you clarify?  I wrote a LoginModule once but I think it
> > was just to get out of having to use the JDK's configuration system
> > (conf files, properties ...).  I realized just now that maybe you
> > meant writing an entire Kerberos client that didn't rely on underlying
> > com.sun classes.  In which case, we've talked about doing that for a
> > long time, most notably so we could support OTP's, IDfusion,
> > authorization payload, smart cards, or modern configuration
> > mechanisms.  As with our other server protocols, we have a lot of the
> > guts to do a client library.
> >
> > Is a Kerberos client implementation what you asking for?
>
> I think so.... I'd like a Krb5LoginModule that I can use on either
> sun or ibm jdks without it having to test which one it's running on.
>
> I'm need to study jGSS more to make sense of your previous answer :-)
>
> many thanks
> david jencks
>
> >
> > Enrique
>
>

Mime
View raw message