Tomcat authentication using SPNEGO/Kerberos and delegation

Question

Is there an apache module that implements Kerberos authentication for use by Tomcat and also supports Kerberos delegation?

I\'ve already looked at mod_spnego and it thro

Answer 1

WAFFLE (Windows Authentication Functional Framework) now provides that feature starting from v1.4beta.

It provides a ServletFilter that uses native Windows APIs to authenticate the user, either using Basic or Negotiate authentication. The user then can be impersonated, and native APIs calls will be performed with the access token of the impersonated user.

Answer 2

How about using the JAAS realm and using the kerberos 5 JAAS module?

http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JAASRealm

http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html

Looks like it might require a little coding, but the pieces should be there.

Answer 3

Here's a http://spnego.sourceforge.net/credential_delegation.html tutorial. It implements Kerberos/SPNEGO as an HTTP Servlet Filter and supports credential delegation.