Announcement Announcement Module
No announcement yet.
JAAS KERBEROS GSSAPI LDAP... I'm going insane! Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • JAAS KERBEROS GSSAPI LDAP... I'm going insane!

    Hi dudes, my first post here, so not sure if this is a -security or -ldap issue.

    My requirement is the following: Connect to an LDAP server (which uses GSS Negotiation) in order to do some queries (NOT TO AUTH USERS!).

    So surfing the net and reading tons of docs I found out that in order to get GSSAPI working I have to previously set up JAAS.
    As per SUN's GSSAPI tuto:
    To use the GSS-API SASL mechanism, you must do the following.
    1. Authenticate to Kerberos.
    2. Assume the identity of the authenticated principal.
    3. When creating the initial context, set the Context.SECURITY_AUTHENTICATION(in the API reference documentation) environment property to the string "GSSAPI that brought me back here.

    A need some clarification.
    1) Do I need JAAS at all?
    2) Do I even need spring-security or is it possible to achieve this only with spring-ldap?
    2.1) If spring-security IS required, how do I configure it to achieve JAAS authentication for a CLI application? Every example I found is web-based.

    If feel kinda frustrated... I know most of the code required by native APIs are pretty much boiler-plate but the spring-fashion is starting to look like "killing a mosquito with a cannon" since old-fashioned implementations turns to be much straight forward, and learning -ldap and -security is preventing me to move forward with my requirement This is the first time I feel like this with spring, so please guys, help me out!

    I'd really like to achieve this using spring, so any help will be much MUCH appreciated.

    If this is a spring-ldap post, please -admin- feel free to move it to the proper forum, but I've seen links related to this matter forwarded to this one from there.

    Thanks in advance guys!