  1. Sakai
  2. SAK-10418 Refactor UserDirectoryService and UserDirectoryProvider
  3. SAK-10025

Support two-step Kerberos authentication in sample provider

    Details

    • Type: Sub-task
    • Status: CLOSED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.0, 2.4.1, 2.4.x, 2.5.x, 2.6.x
    • Fix Version/s: 2.7.0
    • Component/s: Providers
    • Labels:
      None

      Description

      At UC Berkeley, our local security group considers single-step Kerberos authentication (which just checks the user's ID and password) insufficient. Instead, they ask for a handshake between the user's password-based authentication and the service's keytab-based authentication, ensuring that both parties in the deal are known.

      At the moment, we're integrating Sakai and Kerberos via some very in-house-only code. However, we'd like to see a handshaking provider made available in the trunk, especially since it seems difficult currently to find any good examples of the approach on the web. (Sun's sample code tends to emphasize desktop Kerberos clients used to implement single sign-on, rather than the web server authentication needed by something like Sakai.)
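The two-step check described above, sketched with the standard JAAS and JGSS APIs. This is an added example, not code from this issue or its attached patches. The class and method names are hypothetical, the service principal and keytab path are caller-supplied assumptions, and a reachable KDC plus a working krb5 configuration are required.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.*;
import org.ietf.jgss.*;

// Hypothetical helper (Java 9+). Any exception thrown must be treated as a failed login.
public class TwoStepKerberosCheck {
    static Subject login(Map<String, String> opts, CallbackHandler cb) throws LoginException {
        Configuration conf = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        LoginContext lc = new LoginContext("krb", null, cb, conf);
        lc.login();
        return lc.getSubject();
    }

    public static boolean authenticate(String user, char[] password,
                                       String servicePrincipal, String keytab) throws Exception {
        // Step 1: password-based login; succeeds only if a KDC reply decrypts with the user's key.
        Subject userSubject = login(Map.of("useTicketCache", "false"), callbacks -> {
            for (Callback c : callbacks) {
                if (c instanceof NameCallback) ((NameCallback) c).setName(user);
                else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(password);
                else throw new UnsupportedCallbackException(c);
            }
        });
        String userPrincipal = userSubject.getPrincipals(KerberosPrincipal.class).iterator().next().getName();
        // Step 2a: as the user, request a ticket for this service and wrap it in a GSS token.
        GSSManager gss = GSSManager.getInstance();
        Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos v5 mechanism OID
        byte[] token = Subject.doAs(userSubject, (PrivilegedExceptionAction<byte[]>) () -> {
            GSSContext ctx = gss.createContext(gss.createName(servicePrincipal, null), krb5, null, GSSContext.DEFAULT_LIFETIME);
            try { return ctx.initSecContext(new byte[0], 0, 0); } finally { ctx.dispose(); }
        });
        // Step 2b: as the service, decrypt that ticket with the keytab key and read the client name.
        Subject svcSubject = login(Map.of("useKeyTab", "true", "keyTab", keytab, "storeKey", "true",
                "principal", servicePrincipal, "isInitiator", "false"), null);
        String verified = Subject.doAs(svcSubject, (PrivilegedExceptionAction<String>) () -> {
            GSSContext ctx = gss.createContext((GSSCredential) null);
            try { ctx.acceptSecContext(token, 0, token.length); return ctx.isEstablished() ? ctx.getSrcName().toString() : null; } finally { ctx.dispose(); }
        });
        return userPrincipal.equals(verified); // both sides vouched for by the same KDC
    }
}
```

Step 2 is what ties the password check to the service's own keytab: the ticket in the token is encrypted under the service key, so it is accepted only if it came from a KDC that holds that key.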

            Attachments

            1. kerb-provider.patch
              39 kB
            2. kerb-provider2.patch
              44 kB
            3. SAK-10025.patch
              31 kB

                People

                Assignee:
                seththeriault Seth Theriault
                Reporter:
                raydavis Ray Davis (Inactive)