[jcifs] Can't get kerberos
Michael B Allen
mba2000 at ioplex.com
Mon Aug 14 02:53:49 GMT 2006
On Sun, 13 Aug 2006 23:45:12 +0300
"Shai Bentin" <shai at bentin.org> wrote:
> I've setup a jboss appliation server with jcifs and jcifs-ext to use spnego. I mean to setup SSO.
> I used a servlet filter to intercept calls to a certain page a login.jsp. These calls are to be authenticated with an active directory server.
>
> The client browsers are explorer 6.02.
>
> My situation is confusing. First of all I don't seem to get an spnego ticket from the browsers, thus I'm not using Kerberos, only ntlm tickets.
Did you setup the HTTP service principal in AD?
> I'm able to process these tickets but this behavior is not consistent.
>
> Sometimes I'm able to authenticate and do SSO, sometimes I'm unable to authenticate. I don't seem to see any constancy behind this behavior.
>
> I'm wondering:
>
> whay can't I get the spnego ticket with Kerberos.??
Just to clarify, "tickets" is specific to Kerberos. There's no such
thing as an NTLM or SPNEGO "ticket". Perhaps you mean GSSAPI tokens.
> What can cause this inconsitent behavior with the NTLM authentication.
Donno.
Mike
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
More information about the jcifs
mailing list