[jboss-dev-forums] [Design of Security on JBoss] - Re: Negotiate with Kerberos
cdelashmutt
do-not-reply at jboss.com
Thu Aug 24 17:00:51 EDT 2006
Effectively, that is what SPNEGO does. So does NTLM. Neither protocol is as simple as just getting some credentials, and then validating them.
The server sends an authorization header. The client responds with a token. That token is validated, wrapped, and sent back to the client. The client returns a final token which can be used to get identifying user attributes.
That's why I felt that I needed to take the seemingly strange approach that I took. I'm always interested in hearing about ways to improve what I've done, so please don't stop using a critical eye on this stuff.
Thanks!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3967345#3967345
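The multi-leg exchange described in the post above, as an added example that is not part of the original post or of the JBoss code: a server-side handler for the HTTP `Negotiate` scheme that has to keep a security context between round trips. The `ToyContext` mechanism, the `KEYS` table and the `handle` / `run_client` names are constructed stand-ins for a real GSS-API mechanism such as Kerberos.

```python
import base64, hashlib, hmac, os

KEYS = {"alice": b"constructed-demo-key"}  # constructed sample credential

class ToyContext:
    """Per-connection state kept between round trips (stand-in for a GSS
    security context; this toy mechanism is NOT Kerberos or NTLM)."""
    def __init__(self):
        self.reset()

    def reset(self):
        self.user, self.nonce, self.established = None, None, False

    def accept(self, token):
        if self.nonce is None:                      # leg 1: client names itself
            if not token.startswith(b"HELLO:"):
                raise ValueError("unexpected first token")
            self.user, self.nonce = token[6:].decode(), os.urandom(16)
            return self.nonce                       # challenge goes back to client
        key = KEYS.get(self.user)                   # leg 2: client proves key
        want = hmac.new(key or b"", self.nonce, hashlib.sha256).digest()
        if key is None or not hmac.compare_digest(token, want):
            raise ValueError("bad proof")
        self.established = True
        return b""

def handle(ctx, authorization):
    """One HTTP request -> (status, response headers, user or None)."""
    if not authorization or not authorization.startswith("Negotiate "):
        return 401, {"WWW-Authenticate": "Negotiate"}, None
    try:
        token = base64.b64decode(authorization[len("Negotiate "):], validate=True)
        reply = ctx.accept(token)
    except ValueError:                              # bad base64 or failed leg
        ctx.reset()                                 # never reuse a failed context
        return 401, {"WWW-Authenticate": "Negotiate"}, None
    if not ctx.established:                         # more legs needed
        b64 = base64.b64encode(reply).decode()
        return 401, {"WWW-Authenticate": "Negotiate " + b64}, None
    return 200, {}, ctx.user

def run_client(user, key):
    """Drive the full exchange; returns the list of statuses and final user."""
    ctx, statuses = ToyContext(), []
    s, h, _ = handle(ctx, None); statuses.append(s)
    hello = base64.b64encode(b"HELLO:" + user.encode()).decode()
    s, h, _ = handle(ctx, "Negotiate " + hello); statuses.append(s)
    nonce = base64.b64decode(h["WWW-Authenticate"].split(" ", 1)[1])
    proof = base64.b64encode(hmac.new(key, nonce, hashlib.sha256).digest()).decode()
    s, h, who = handle(ctx, "Negotiate " + proof); statuses.append(s)
    return statuses, who
```

The identity is only available after the last leg, and a failed or malformed token resets the context so a partial handshake cannot be resumed.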