[jboss-user] [Security & JAAS/JBoss] - Re: JBoss on Windows XP, Kerberos MIT on unix, SPNEGO issue
do-not-reply at jboss.com
Wed Feb 18 09:45:04 EST 2009
I have to say so far this is not a scenario that I have worked with yet, most of my MIT KDC testing was using FreeIPA and only Linux server and client so I have not yet tried a Windows client with a Linux/MIT KDC.
So far from experience the easiest way to analyse this further would be to use a tool like wireshark to monitor the network traffic between the Windows machine and the Linux/MIT KDC. At the point the web browser decides if it should trust the server it will send a TGS-REQ packet to the KDC and will trust the server if it gets a valid TGS-REP in response - using wireshark will let you double check what is being requested and what any failure message says.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4211105#4211105
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4211105
More information about the jboss-user