I am trying to implement a web service on WAS 7.0 that uses JNDI to communicate with an Active Directory running Windows Server 2008 R2.
Before I begin, I'd like to mention that I do not have much knowledge of Kerberos authentication but have read up on the mechanism.
I have successfully implemented and tested a change password function using a web service call from a client to the AD through WAS.
InitialLdapContext ctx = new InitialLdapContext(env, null);
// Call change password function using ctx
I understand that to implement Kerberos authentication in JNDI, the code below should be used instead.
I have also successfully implemented Kerberos authentication without WAS (no web services) by using the kinit command on the client to retrieve the cache and then running the modified code on the console. This can't be the right way to proceed as I cannot expect the client to open the command prompt to key kinit every time he uses the system.
LoginContext lc = new LoginContext("krb5.conf");
I have executed the above code and managed to get a successful authentication. The krb5.conf, keytab and keystore are stored locally on the client for this testing purpose. I understand that these are supposed to be configured within WAS.
The problem arises when I am trying to integrate WAS with the code I have. I'm not too familiar with the settings within WAS, and assuming the settings within have been set up correctly (by someone else), what should I do within my code to perform the task at hand? I should not be utilizing files such as the keytab directly.
What I have at the moment is very similar to this link, and I believe that WAS should be handling most of it for me, but I am not sure how.
Thanks in advance.
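Added example, not part of the original post and not IBM's or the poster's code: the standalone JAAS login followed by a SASL/GSSAPI JNDI bind that the question describes, written in Java 6-level syntax. The entry name JndiKerberos and the URL ldap://dc.example.com:389 are assumptions, and the JAAS entry is assumed to be backed by a Kerberos login module; how WAS supplies that configuration is not covered.

```java
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;

public class KerberosJndiBind {
    // Assumed name of a JAAS login-configuration entry (not the krb5.conf file name).
    static final String JAAS_ENTRY = "JndiKerberos";
    // Placeholder URL; use the domain controller's FQDN so its ldap/ service ticket can be requested.
    static final String LDAP_URL = "ldap://dc.example.com:389";
    // SASL/GSSAPI environment: no principal or password here, credentials come from the Subject.
    static Hashtable<String, Object> gssapiEnv(String url) {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        env.put("javax.security.sasl.qop", "auth-conf"); // request integrity and confidentiality
        return env;
    }

    // Opens the LDAP context while running as the logged-in Subject.
    static LdapContext bindAs(Subject subject, final String url) throws NamingException {
        try {
            return Subject.doAs(subject, new PrivilegedExceptionAction<LdapContext>() {
                public LdapContext run() throws NamingException {
                    return new InitialLdapContext(gssapiEnv(url), null);
                }
            });
        } catch (PrivilegedActionException e) {
            throw (NamingException) e.getException();
        }
    }

    public static void main(String[] args) throws Exception {
        LoginContext lc = new LoginContext(JAAS_ENTRY); // looks up the named JAAS entry
        lc.login();                                     // obtains Kerberos credentials per that entry
        LdapContext ctx = bindAs(lc.getSubject(), LDAP_URL);
        try {
            System.out.println("GSSAPI bind succeeded: " + ctx.getEnvironment().get(Context.PROVIDER_URL));
        } finally {
            ctx.close();
            lc.logout(); // drop the credentials held by the Subject
        }
    }
}
```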