You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by Cristian Roldan <ro...@yahoo.com.ar> on 2006/01/05 20:59:05 UTC
Geronimo and Kerberos
Hi All,
Does Geronimo support Kerberos ?
How can I configure Geronimo to autheticate users using a Windows KDC ?
Thanks.
---------------------------------
1GB gratis, Antivirus y Antispam
Correo Yahoo!, el mejor correo web del mundo
Abrí tu cuenta aquí
Re: Geronimo and Kerberos
Posted by Cristian Roldan <ro...@yahoo.com.ar>.
Hi Alan,
Yes I mean windows domain, I want to configure geronimo to support kerberos SSO.
Thanks.
"Alan D. Cabrera" <li...@toolazydogs.com> escribió:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cristian Roldan wrote, On 1/5/2006 11:59 AM:
> Hi All,
> Does Geronimo support Kerberos ?
> How can I configure Geronimo to autheticate users using a Windows KDC ?
You use JAAS login modules to do this. I had a working test that demoed
how it worked on Windows; I assume that you mean a windows domain
server. Let me hunt it down for you.
Regards,
Alan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDvY/B1xC6qnMLUpYRAvyMAJ9w07OqGYTAXTQb+kDUSM7HPbgHZACfYtyP
2vhKtzhJsB1FqL8+p0kIq3U=
=KMnE
-----END PGP SIGNATURE-----
---------------------------------
1GB gratis, Antivirus y Antispam
Correo Yahoo!, el mejor correo web del mundo
Abrí tu cuenta aquí
Re: Geronimo and Kerberos
Posted by "Alan D. Cabrera" <li...@toolazydogs.com>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cristian Roldan wrote, On 1/5/2006 11:59 AM:
> Hi All,
> Does Geronimo support Kerberos ?
> How can I configure Geronimo to autheticate users using a Windows KDC ?
You use JAAS login modules to do this. I had a working test that demoed
how it worked on Windows; I assume that you mean a windows domain
server. Let me hunt it down for you.
Regards,
Alan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDvY/B1xC6qnMLUpYRAvyMAJ9w07OqGYTAXTQb+kDUSM7HPbgHZACfYtyP
2vhKtzhJsB1FqL8+p0kIq3U=
=KMnE
-----END PGP SIGNATURE-----
Re: Geronimo and Kerberos
Posted by Cristian Roldan <ro...@yahoo.com.ar>.
Hi Aaron,
thanks for the information, it is an excelent introduction to Kerberos/Java LoginModule, but I think that at the windows KDC site there are a lot of tasks to do to integrate a Java proccess (J2EE) and Win KDC for example how to create a Kerberos SPN. Maybe in 3 week I will try to configure Kerberos with Geronimo.
Thanks.
Aaron Mulder <am...@alumni.princeton.edu> escribió:
Here's an article on Sun's Kerberos login module, for what it's worth:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html
Aaron
On 1/5/06, Aaron Mulder wrote:
> On 1/5/06, Cristian Roldan wrote:
> > Does Geronimo support Kerberos ?
> > How can I configure Geronimo to autheticate users using a Windows KDC ?
>
> My understanding is that Geronimo can use Sun's Kerberos LoginModule
> to authenticate clients based on who's logged in to the client PC.
> I'm not totally sure there aren't security issues with this approach
> since the server is essentially trusting the client to report the
> correct user, but I believe it has actually been tested and works. I
> think Alan's the one who really worked all this out so I hope he can
> chime in.
>
> If you want to try this I can walk you through setting up the security
> realm and point you at Sun's documentation for the options that can be
> passed to their LoginModule, but I don't have a full understanding of
> what all the options should be set to.
>
> Thanks,
> Aaron
>
---------------------------------
1GB gratis, Antivirus y Antispam
Correo Yahoo!, el mejor correo web del mundo
Abrí tu cuenta aquí
Re: Geronimo and Kerberos
Posted by Aaron Mulder <am...@alumni.princeton.edu>.
Here's an article on Sun's Kerberos login module, for what it's worth:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html
Aaron
On 1/5/06, Aaron Mulder <am...@alumni.princeton.edu> wrote:
> On 1/5/06, Cristian Roldan <ro...@yahoo.com.ar> wrote:
> > Does Geronimo support Kerberos ?
> > How can I configure Geronimo to autheticate users using a Windows KDC ?
>
> My understanding is that Geronimo can use Sun's Kerberos LoginModule
> to authenticate clients based on who's logged in to the client PC.
> I'm not totally sure there aren't security issues with this approach
> since the server is essentially trusting the client to report the
> correct user, but I believe it has actually been tested and works. I
> think Alan's the one who really worked all this out so I hope he can
> chime in.
>
> If you want to try this I can walk you through setting up the security
> realm and point you at Sun's documentation for the options that can be
> passed to their LoginModule, but I don't have a full understanding of
> what all the options should be set to.
>
> Thanks,
> Aaron
>
Re: Geronimo and Kerberos
Posted by Aaron Mulder <am...@alumni.princeton.edu>.
On 1/5/06, Cristian Roldan <ro...@yahoo.com.ar> wrote:
> Does Geronimo support Kerberos ?
> How can I configure Geronimo to autheticate users using a Windows KDC ?
My understanding is that Geronimo can use Sun's Kerberos LoginModule
to authenticate clients based on who's logged in to the client PC.
I'm not totally sure there aren't security issues with this approach
since the server is essentially trusting the client to report the
correct user, but I believe it has actually been tested and works. I
think Alan's the one who really worked all this out so I hope he can
chime in.
If you want to try this I can walk you through setting up the security
realm and point you at Sun's documentation for the options that can be
passed to their LoginModule, but I don't have a full understanding of
what all the options should be set to.
Thanks,
Aaron