Cross domain/realm authentication
Here is my problem: I can't find any documentation on cross-domain authentication with Java + Kerberos. I have to authenticate against a distant LDAP in another realm. How can we do that in Java?
Thank you
EDIT:
Here is my krb5.conf:
[libdefaults]
default_realm = REALM1
dns_lookup_realm = false
dns_lookup_kdc = false
forwardable = true
[realms]
REALM1 = {
kdc = kerberos.my.url.domain1:88
admin_server = kerberos.my.url.domain1:749
default_domain = .
}
REALM2 = {
kdc = kerberos.my.url.domain2:88
admin_server = kerberos.my.url.domain2:749
}
[domain_realm]
.my.url.domain1 = REALM1
.my.url.domain2 = REALM2
Cross-realm works on the command line when I execute this on domain1:
ldapsearch -H "ldap://my.url.domain2"
so I suppose my krb5.conf is good
Authenticating against an LDAP is not the same as authenticating with Kerberos.
Could you give some more background on what it is you need to accomplish? For example:
- Are you writing client code that needs to respond to a Kerberos authentication challenge?
- Does your code need to validate a user + password against an LDAP?
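For the first case in the list above (client code that answers the Kerberos challenge), the Java counterpart of the question's ldapsearch call is a JNDI bind with SASL GSSAPI. This is an added example, not code from the original thread. It assumes a ticket cache already filled by kinit in REALM1, a krb5.conf at /etc/krb5.conf, and an LDAP server that accepts GSSAPI binds; the class name and the "ldap-client" entry name are made up for illustration.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.Context;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;

public class CrossRealmLdap {
    static final String KRB5_CONF = "/etc/krb5.conf";        // assumed location
    static final String LDAP_URL = "ldap://my.url.domain2";  // host from the question

    // JNDI environment for a Kerberos (SASL GSSAPI) bind: no user name or password.
    static Hashtable<String, String> ldapEnv(String url) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // the service principal is ldap/<this host>
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        env.put("javax.security.sasl.server.authentication", "true"); // mutual auth
        env.put("javax.security.sasl.qop", "auth-conf"); // encrypt traffic over ldap://
        return env;
    }

    // In-code JAAS configuration: reuse the existing TGT, never prompt.
    static Configuration ticketCacheLogin() {
        Map<String, String> opts = Map.of("useTicketCache", "true", "doNotPrompt", "true");
        AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    public static void main(String[] args) throws Exception {
        System.setProperty("java.security.krb5.conf", KRB5_CONF);
        LoginContext lc = new LoginContext("ldap-client", null, null, ticketCacheLogin());
        lc.login(); // loads the REALM1 TGT from the ticket cache
        // The bind runs as the logged-in Subject; the JDK requests the REALM2 service ticket.
        Attributes rootDse = Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<Attributes>) () -> {
            DirContext ctx = new InitialDirContext(ldapEnv(LDAP_URL));
            try { return ctx.getAttributes("", new String[] { "namingContexts" }); }
            finally { ctx.close(); }
        });
        System.out.println(rootDse);
    }
}
```

Running with -Dsun.security.krb5.debug=true prints the ticket requests, which shows whether the cross-realm TGT and the ldap service ticket were obtained. On JDK 18 and later, Subject.callAs is the non-deprecated replacement for Subject.doAs.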