I don't know anything about wicket... does this use a LoginModule and/
or login configuration?
On a conceivably related note, triplesec has some nasty code to try
to find a sun or ibm kerberos LoginModule.... do you have one or know
how to write one? I think having our own would be pretty handy.
thanks
david jencks
On Feb 18, 2007, at 5:46 PM, Enrique Rodriguez wrote:
Hi, Directory developers,
As part of documenting practical uses of Apache Directory for Kerberos
authentication, I got Kerberos authentication to a Wicket web app
working. This uses the "SPNEGO+GSS-API+Kerberos V5" scheme
popularized by IE and now well-supported in Firefox. I used the jGSS
code in JDK 1.5, so this was a pretty quick 80-lines of code to glue
Negotiate processing to Wicket. The "three-headed" Kerberos setup I
tested was (1) Firefox 2 and IE 7 (2) Wicket app (3) and Apache
Directory.
I wanted to check where the best home for this code is. I followed
the layout of the "signin" and "signin2" apps in Wicket Examples, so
one possibility is a contribution to Wicket. But, 90% of the
difficulty is in the configuration of Kerberos, so I think it makes
the most sense to maintain at Directory. The code is commented and
ready to commit. I would do a Confluence page to detail, from
scratch, how to set this up.
Any objections to my committing this to Directory? Would it be a
module in trunk or something I put in my sandbox, maybe until you get
to review a TBD Confluence page?
Enrique
