• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
  • Paul Clapham
Sheriffs:
  • paul wheaton
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Piet Souris
Bartenders:
  • Mike London

kerberos/spnego authentication without keytab file

 
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
With spring can we use kerberos/spnego authentication in application without keytab file?

Thanks.
 
Ranch Hand
Posts: 527
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

rutuja patil wrote:With spring can we use kerberos/spnego authentication in application without keytab file?

Thanks.



No, keytab file is essential to establish the Trust relationship. URL for some reading on Kerberos with Spring.
 
rutuja patil
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks!
 
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

It is true that Spring's spnego auth can only be used with a keytab.

However, to be more precise, a keytab is NOT essential nor required for Kerberos authentication.

It seems that according to the spec, shared secrets are handled at the protocol level (http://tools.ietf.org/html/rfc4120).

For example, the KDC necessarily knows the password for both the client and the server.

Hence, the shared secret problem is solved.

Here's an open source project that enables single sign-on for java web apps that does not require a keytab:

http://spnego.sourceforge.net

reply
    Bookmark Topic Watch Topic
  • New Topic