开发者

Cross domain/realm authentication

Here is my problem: I can't find any document on cross domain authentication with java+kerberos. I have to authenticate against distant LDAP on other realm. How can we do that in java?

Thank you

EDIT:

Here is my krb5.conf:

[libdefaults]

default_realm = REALM1

dns_lookup_realm = false

dns_lookup_kdc = false

forwardable = true

[realms]

REALM1 = {

kdc = kerberos.my.url.domain1:88

admin_server = kerberos.my.url.domain1:749

default_domain = .开发者_高级运维

}

REALM2 = {

kdc = kerberos.my.url.domain2:88

admin_server = kerberos.my.url.domain2:749

}

[domain_realm]

.my.url.domain1 = REALM1

.my.url.domain2 = REALM2

Cross-realm works in command line when I execute on domain1

ldapsearch -H "ldap:/my.url.domain2"

so I suppose my krb5.conf is good


Authenticating against an LDAP is not the same as authenticating with Kerberos.
Could you give some more backgroung on what it is you need to accomplish. For example:

  • are you writing client code that needs to respond to a Kerberos authentication chalenge?
  • does your code need to validate a user + password against an LDAP?
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜