[jboss-user] [Security & JAAS/JBoss] - Re: Minimal JBoss config to use GSSAPI/Kerberos acceptSecCon

chriscorbell do-not-reply at jboss.com
Mon Mar 9 21:07:30 EDT 2009


"anil.saldhana at jboss.com" wrote : Sure you can reinvent your own wheel.  JBoss Negotiation does all this for you.

anil.saldhana,

Can you point us to the documentation and code samples where JBoss Negotiate is shown to work A) without forcing the use of JAAS subjects and principals, deferring instead to the lower-level GSSAPI and B) working with native (C-based) SOAP clients sending their GSS context tokens in the payload of the SOAP message?  Also can you assure it's working as a kerberized service on both Mac OS X Server and Windows Server?

In my hopeful search through Negotiate's samples and docs I found some examples for full use of Kerberos/SSO using JAAS with Java or Web clients, but nothing on this kind of native-client, explicit-GSS-context-token use. Also it was in beta when I was looking at it (we're shipping a commercial app), and even though its download page now advertises a GA release, when you click it you just get "ERROR: null" (from http://www.jboss.org/jbosssecurity/downloads/JBoss%20Negotiation/, Mac/Firefox, 2008-03-09).

Your more detailed insight is welcome, since I'm assuming you have a lot of experience with Negotiate and I have none.  For those who understand Kerberos/GSSAPI and just want to use it as advertised, is there really a quicker path to the goal going through Negotiate?  It will help others who find this thread to find out if so, and get some details.

TIA.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4216409#4216409
