0

I'm working on a web application running on JRE 7u7 that uses the SPNEGO library from Sourceforge for authentication. All is well as long as Kerberos is working, but since it's deployed in a complex environment of multiple domains and various interfering network devices, this is not always the case.

In cases where Windows clients fail to obtain a service ticket, they apparently attempt to do SPNEGO with just two provided mechanisms: NTLMSSP and NegoEx. Is there any hope using the JGSS library to understand these?

I saw it stated a couple of times that the Java 6 SPNEGO implementation only supports the Kerberos mechanism, but couldn't find a definitive answer on whether that's still true for Java 7. If it can't be done, is there third party Java code that would enable SPNEGO with support for Kerberos and (at least) NTLMSSP?

themel
  • 8,825
  • 2
  • 32
  • 31

1 Answers1

0

There won't be any support from Oracle for a proprietary technology like NTLM. You have to resort to third-party components. If you intend to use this with Tomcat, this is going to be tough! NTLM requires connection-based authentication because it is stateful. Tomcat does not support that.

Michael-O
  • 18,123
  • 6
  • 55
  • 121