Date: Thu, 26 Jun 2008 21:01:05 -0400
From: "Michael B Allen"
To: dev@directory.apache.org
Subject: Ideas Wanted: NTLMv2, Kerberos, JAAS, ...

Hi,

I'm working on implementing Kerberos 5 and NTLMv2 for an open source CIFS client. Being a Windows / Java solution it seems to me we're distant cousins.

I'm going to be doing classes for NTLM credentials and principals, JAAS integration and utility classes, possibly some JNDI to do "site" based SRV lookups (to set java.security.krb5.kdc - gotta love all that LoginModule configuration BS), ... etc.

Is everyone on-board with Java's Subject based security code? I'm not yet convinced but so far I'm playing along.

Do you guys have or want NTLMv2, Kerberos, SPNEGO, NTLMSSP, ...? If so, I'm interested in hearing opinions about how to "properly" implement such things to maximize cross-pollination.

Is anyone aware of other projects doing this sort of stuff?

In general I'm interested in hearing about anything wrt the above that has worked well for you (or what to watch out for). I've been doing C for a while and I want to know where Java's at with this stuff.

Mike

--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/