Reputation: 39
Cross domain/realm authentication
Here is my problem: I can't find any document on cross domain authentication with java+kerberos. I have to authenticate against distant LDAP on other realm. How can we do that in java?
Thank you
EDIT:
Here is my krb5.conf:
[libdefaults]
default_realm = REALM1
dns_lookup_realm = false
dns_lookup_kdc = false
forwardable = true
[realms]
REALM1 = {
kdc = kerberos.my.url.domain1:88
admin_server = kerberos.my.url.domain1:749
default_domain = .
}
REALM2 = {
kdc = kerberos.my.url.domain2:88
admin_server = kerberos.my.url.domain2:749
}
[domain_realm]
.my.url.domain1 = REALM1
.my.url.domain2 = REALM2
Cross-realm works in command line when I execute on domain1
ldapsearch -H "ldap:/my.url.domain2"
so I suppose my krb5.conf is good
Upvotes: 1
Views: 1875
Answers (1)
Reputation: 525
Authenticating against an LDAP is not the same as authenticating with Kerberos.
Could you give some more backgroung on what it is you need to accomplish. For example:
- are you writing client code that needs to respond to a Kerberos authentication chalenge?
- does your code need to validate a user + password against an LDAP?
Upvotes: 2
Related Questions
- Kerberos Resourced based constrained delegation in cross realm setup
- LDAP Single Sign On for Active Directory queries in Java
- How to connect with Java into Active Directory
- Kerberos: Cross Domain/Realm Issue
- Connecting to ldap using GSSAPI. Wrong service principal
- Java Kerberos authentication using Active Directory User Principal Name
- Java Web Application: Using a custom realm
- LDAP Creating InitialLdapContext fails in Sub Realm / Cross Realm setup in Java using GSSAPI
- Kerberos with Java
- Java Authentication against Active Directory, authentication mismatch?