I have been reading information on how to implement kerberos within applications that we have. I need some help understanding what I need to do. I would like to use a java web application as an example.
1) Once I have kerberos installed and configured, the service would be the server where my web application is located, correct?
2) To get the client to use the java web application, I would need to write separate code using JAAS and Java GSS-API to allow authentication and authorization to occur? I need an example to understand this concept or explanation. At what point does the client begin using the web application? I am confused. Is this new code inside my application or is it a separate application?
3) To be clear, once I have kerberos installed and configured, I use JAAS and Java GSS-API for a java application? What if my application is not written in java, lets say it is written in Fortran on OpenVMS? I know Kerberos is available on OpenVMS.
Thank you for your input.