[jcifs] Using Kerberos authentication
Richard Caper
rcaper at gmail.com
Tue Mar 15 16:13:46 GMT 2005
I tried to look at this as well but had no luck. I thought of using
the Kerberos authentication from jcifs-ext in Davenport.
Theoretically I think it would be easier, as Kerberos ticket could be
set for delegation to allow access from Davenport to the backend file
servers (instead of passing through NTLM challenge and response as a
man in the middle). The problem you would get is that jCIFS itself
does not currently support Kerberos. So it would not be able to talk
to the file servers at all.
On Tue, 15 Mar 2005 08:39:54 -0500, David Carlin <djc6 at cwru.edu> wrote:
> Does anyone know if it is possible to use Davenport with Kerberos
> Authentication? To connect to the windows file server on campus with
> smbclient, basically I run 'kinit' first and am prompted for my
> password in our MIT Kerberos Realm. I then run "smbclient -k" and am
> immediately connected to the share.
>
> A little background... My windows domain password is unknown. Trust
> has been established between the MIT Kerberos Realm and the Active
> Directory on campus. On each windows client we run "ksetup /mapuser *
> *" to map the users between domains, so when I log in interactively as
> Username at KerberosRealm, it doesn't matter that the
> Username at ActiveDirectory password is unknown to everyone (this is to
> achieve single sign-on).
>
> Thanks!
>
> -David
>
>
More information about the jcifs
mailing list