directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <enriqu...@gmail.com>
Subject Re: [Kerberos] Kerberos + Wicket, part 2
Date Mon, 11 Jun 2007 01:55:48 GMT
On 6/9/07, Emmanuel Lecharny <elecharny@apache.org> wrote:
> Enrique Rodriguez a écrit :
> > Firefox used to send a "GSSAPI/Kerberos v5 OID" and at some point in
> > the last 6 months it started sending a "SPNEGO OID."  The problem is
> > that Java 1.5 only supports "GSSAPI/Kerberos v5" and so you get an
> > exception from jGSS when the SPNEGO OID shows up.  However, with Java
> > 1.6 "SPNEGO" is handled properly.  This causes a compatibility issue
> > for us since as a project we are on 1.5 hence the commit to my
> > sandbox.  I'm still trying to determine whether there is a way to
> > configure which OID (mechanism) Firefox uses in the response.
>
> from what I have seen on web lately, I'm not sure. May be by browsing FF
> code source ?

Yeah, I started poking around with lxr and bonsai and I asked a
Mozilla colleague to help when he gets a chance.

> ...
> Ok. Just a question, not sure is it relevant : if we have our own SPNEGO
> codec, would it help ? (because we have this codec somewhere, but sandboxed)

I'm afraid that in addition to any codecs there is always protocol
workflow and so this would turn into a sizable undertaking.

> ...
> Np, this is just a demo/test apps. As soon as it works ... I bet we
> would like to create a more serious demonstrator some time, but I don't
> know how we can set it up on directory.a.o.

I updated the doco, as with the GSSAPI doc, to have more details and
to use config for ApacheDS 1.5.1.  Also, there is a Start class that
you should be able to run in Eclipse as a Java application and have it
start an embedded Jetty server and bind to 8080.  I think that is the
easiest way to get this example running and skip the WAR deployment.
This is why the POM has the Jetty/Tomcat/nlog4j setup the way it is.
I recommend trying it in Eclipse first.  Don't forget to configure the
JRE to be 1.6 for this specific Eclipse project.  I couldn't figure
out how to get the mvn eclipse plugin to set this automatically and,
trust me, I tried.

Enrique

Mime
View raw message