[jboss-user] [Security & JAAS/JBoss] - Kerberos, ejb, rmi

Hello. I'm trying to develop a swing desktop application which uses EJBs deployed on jboss. The connection should take place on secure channel using kerberos. 1. Need to get jboss tgt from kerberos. No problems here, I declare a new application-policy in login-config.xml and use Krb5LoginModule. JBoss successfully authenticates to kerberos and receives tgt. 2. As I understood, on second step I have to create my own LoginModule (I looked at sources of security-negotiation-2.0.3.GA). Here is my problem. To accept security context I need to access rmi socket factory, and jndi socket factory (jndi lookups must be secure too). 3. Third step would be just declaring a new application-policty in login-config.xml using my new LoginModule, and specify this policy for my ejb. Am I wright? This is server side. The same problems on client side. 1. No problems, if I want to receive tgt. But I need to receive a service ticket, I need to establish security context. Should I use custom RmiSocketFactory implementation? If someone had such problem, tell me please what I need to do. Thanks. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4214822#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...