    JBossNegotiation -- Why does the server need to authenticate to the KDC at runtime?

    Ivan Chung Newbie

      Dear all:


      I successfully configured a JBoss 5.1 server with JBossNegotiation to authenticate clients using Kerberos against AD. By trial and error, I found out that only JBossNegotiation 2.0.4GA can work with JBoss 5.1 against Windows Server 2008.


      One thing that I don't understand is why the server needs to authenticate to the KDC for every client login. The JBoss server already has a keytab file which contains the server secret key, which should be sufficient to decrypt the client ticket?


      Also, according to the diagram http://en.wikipedia.org/wiki/File:Kerberos.png, there is no connection between the application server and the KDC.


      It would be appreciated if anyone can answer.



