Cross domain/realm authentication


Here is my problem: I can't find any documentation on cross-domain authentication with Java + Kerberos. I have to authenticate against a distant LDAP in another realm. How can we do that in Java?

Thank you

EDIT:

Here is my krb5.conf:

    [libdefaults]
        default_realm = REALM1
        dns_lookup_realm = false
        dns_lookup_kdc = false
        forwardable = true

    [realms]
        REALM1 = {
            kdc = kerberos.my.url.domain1:88
            admin_server = kerberos.my.url.domain1:749
            default_domain = .
        }
        REALM2 = {
            kdc = kerberos.my.url.domain2:88
            admin_server = kerberos.my.url.domain2:749
        }

    [domain_realm]
        .my.url.domain1 = REALM1
        .my.url.domain2 = REALM2

Cross-realm works on the command line when I execute this on domain1:

    ldapsearch -H "ldap://my.url.domain2"

so I suppose my krb5.conf is good.

There is 1 answer

Opher On

Authenticating against an LDAP is not the same as authenticating with Kerberos.
Could you give some more background on what it is you need to accomplish? For example:

  • are you writing client code that needs to respond to a Kerberos authentication challenge?
  • does your code need to validate a user + password against an LDAP?