directory-dev mailing list archives

From Marc Boorshtein <mboorsht...@gmail.com>
Subject RE: S4U2Proxy and S4U2Self on ApacheDS
Date Mon, 13 May 2013 23:18:40 GMT
Are these all web services?
On May 13, 2013 6:31 PM, "Wu, James C." <James.C.Wu@disney.com> wrote:

> Thanks for the quick response. It seems I can’t use these two protocols at
> the moment then.
>
> So let me describe my situation and maybe someone will give me some hint.
>
> I have a service A that will launch a bunch of jobs for its client. The
> jobs will interact with a Kerberos secured service B. I was thinking about
> deploying a service principal for A onto the host where A is running and
> have it impersonate its clients using S4U2Proxy and S4U2Self protocols.
>
> Since S4U2Proxy and S4U2Self are not yet working on ApacheDS, the
> other option I can think of is to deploy a key for each client of A onto
> the host where A is running. So A will request a Kerberos ticket for its
> client and use the ticket to access service B. The trouble is that
> every time I add a new client for A, I have to add a key entry into the
> keytab, which is a pain.
>
> Does anyone know a better way to do it?
>
> Regards,
>
> james
>
> *From:* Marc Boorshtein [mailto:mboorshtein@gmail.com]
> *Sent:* Monday, May 13, 2013 3:23 PM
> *To:* Apache Directory Developers List
> *Subject:* Re: S4U2Proxy and S4U2Self on ApacheDS
>
> I think that might have been me.  While I was able to generate the
> tickets, they were never accepted by IIS (when ISA tickets were) so I gave
> up.  But I was more focussed on the client APIs, not in having ApacheDS
> being a KDC.
>
> Thanks
>
> Marc
>
> On Mon, May 13, 2013 at 6:06 PM, Wu, James C. <James.C.Wu@disney.com>
> wrote:
>
> Hi,
>
> Does anyone know if ApacheDS supports these two protocols?  In 2010, someone
> mentioned trying to implement these protocols. Is the work done? If
> so, how can I test them?
>
> Regards,
>
> James
