[jboss-user] [Security & JAAS/JBoss] - Kerberos, ejb, rmi

ruhe do-not-reply at jboss.com
Wed Mar 4 05:24:45 EST 2009


Hello.

I'm trying to develop a swing desktop application which uses EJBs deployed on jboss.
The connection should take place on secure channel using kerberos.
>From all the posts I found on this forum, I understood that I have to implement some steps:

    1. Need to get jboss tgt from kerberos. No problems here, I declare a new application-policy in login-config.xml and use Krb5LoginModule. JBoss successfully authenticates to kerberos and receives tgt.
    2. As I understood, on second step I have to create my own LoginModule (I looked at sources of security-negotiation-2.0.3.GA). Here is my problem. To accept security context I need to access rmi socket factory, and jndi socket factory (jndi lookups must be secure too).
    3. Third step would be just declaring a new application-policty in login-config.xml using my new LoginModule, and specify this policy for my ejb. Am I wright?
    
    This is server side. The same problems on client side.
    1. No problems, if I want to receive tgt. But I need to receive a service ticket, I need to establish security context. Should I use custom RmiSocketFactory implementation?
    
    
    If someone had such problem, tell me please what I need to do.
    
    Thanks.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4214822#4214822

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4214822



More information about the jboss-user mailing list