On 2/18/07, Enrique Rodriguez <enriquer9@gmail.com> wrote:
Hi, Directory developers,

As part of documenting practical uses of Apache Directory for Kerberos
authentication, I got Kerberos authentication to a Wicket web app
working.  This uses the "SPNEGO+GSS-API+Kerberos V5" scheme
popularized by IE and now well-supported in Firefox.  I used the jGSS
code in JDK 1.5, so this was a pretty quick 80-lines of code to glue
Negotiate processing to Wicket.  The "three-headed" Kerberos setup I
tested was (1) Firefox 2 and IE 7 (2) Wicket app (3) and Apache

That sounds neat.  I'm sure this will come in handy when we build a UI for the server and need to authenticate users.

I wanted to check where the best home for this code is.  I followed
the layout of the "signin" and "signin2" apps in Wicket Examples, so
one possibility is a contribution to Wicket.  But, 90% of the
difficulty is in the configuration of Kerberos, so I think it makes
the most sense to maintain at Directory.  The code is commented and
ready to commit.  I would do a Confluence page to detail, from
scratch, how to set this up.

Great!  Documentation would be good.  This sounds like a perfect candidate for the clients project under the kerberos module in it.  I don't think we have added much if anything to this module.  Here's the SVN url for the base:


Any objections to my committing this to Directory?  

None, so long as there is some documentation to accompany the sources committed.