• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 958
  • Last Modified:

How to implement Kerberos with applications?

Hello All,
I have been reading information on how to implement kerberos within applications that we have. I need some help understanding what I need to do.  I would like to use a java web application as an example.

1)  Once I have kerberos installed and configured, the service would be the server where my web application is located, correct?

2)  To get the client to use the java web application, I would need to write separate code using JAAS and Java GSS-API to allow authentication and authorization to occur?  I need an example to understand this concept or explanation.  At what point does the client begin using the web application? I am confused.  Is this new code inside my application or is it a separate application?

3) To be clear, once I have kerberos installed and configured, I use JAAS and Java GSS-API for a java application?  What if my application is not written in java, lets say it is written in Fortran on OpenVMS?  I know Kerberos is available on OpenVMS.

Thank you for your input.
  • 2
1 Solution
OliviaRedhorseAuthor Commented:
Just answer this answer for me.
At what point do I invoke my java web application to begin? For examples sake, lets say I have java web applications (app1 and app2) and the user would like to get to app1.  I am trying to understand where the Kerberos ends and my application begins.  Thank you!
Answer to point 3)

If your application is written in Fortran and not in Java, then the only way to use Kerberos is to find a C API for Kerberos, Fortran can call C code in a more or less standard way, at lest if you have a fairly recent compiler, but not java code.

So for this purpose you need to find a C example of Kerberos web application (I do not know Kerberos, so I cannot help much) and mimic its behavior from Fortran.

OliviaRedhorseAuthor Commented:
Thank you for replying.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now