JAVA of the PAC

In some ways, working with .NET code spoils you.  When working with ASP.NET apps which want to use Authorization information based upon the authenticated user’s PAC contents, it’s a simple call to IsInRole(). This uses the Privilege Attribute Certificate (PAC) in the Kerberos ticket to determine if a user is in a specific group for…

Read More

More from that 3 headed dog we know and love – Kerberos

It seems the last few weeks I’ve been putting out fires around usage of SPNEGO in a IBM Websphere deployment troubleshooting authentication errors.   It turns out it was a mix of header size issues on the web server (IHS – IBM’s branded Apache) and client related problems on the desktop.   Though it is interesting to me that IBM’s…

Read More

Kerberos Resources

I’ve been doing alot of kerberos integration for applications lately so I wanted to start to keep track of resources here for myself. Windows 2000 Kerberos Authentication – A simplified kerberos explanation Kerberos Authentication in Windows Server 2003 – 2003 updates How the Kerbneros Version 5 Authentication Protocol Works – A more indepth resource for…

Read More