Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-dev] Adding in spnego authentication support

Just kerberos, and its a bit finicky in the setup as spnego has to be
configured correctly or else IE will fall back to just attaching an
ntlm token to the spengo authorization header instead of properly
using kerberos.

since the jvm has been steadly picking up basic support for these
things more a fall back to ntlm is reasonable at some
point....technically the spnego spec forbids the ntlm token coming
back but microsoft doesn't generally care about such things and does
it anyway and expects people to roll with it.  I have actually been
considering testing the token to see if its ntlm and warn the log or
something about it.  there is a fair amount of discussion on that out
on various mailing lists, etc :)


jesse mcconnell

On Thu, Aug 19, 2010 at 13:10, Chad La Joie <lajoie@xxxxxxxxx> wrote:
> Hey Jesse, out of curiosity, what forms of credentials does the spnego
> module support?  Only kerb or also things like NTLM?
> On Thu, Aug 19, 2010 at 13:58, Jesse McConnell
> <jesse.mcconnell@xxxxxxxxx> wrote:
>> I have a jetty-spnego module in the sandbox...the latest iteration as
>> no external dependencies so I am considering rolling it into
>> jetty-security now..
>> any reasons not to?  I am also passively working on additional ldap
>> support for getting roles from AD but its not something that is easily
>> generic between a standard ldap server and the Microsoft variant...
>> cheers,
>> jesse
>> --
>> jesse mcconnell
>> jesse.mcconnell@xxxxxxxxx
>> _______________________________________________
>> jetty-dev mailing list
>> jetty-dev@xxxxxxxxxxx
> --
> Chad La Joie
> trusted identities, delivered
> _______________________________________________
> jetty-dev mailing list
> jetty-dev@xxxxxxxxxxx

Back to the top