java Kerberos 身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/29674739/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Kerberos Authentication
提问by Lakshya
Please explain what, why and how of kerberos authentication. I am using spring 3+. Also please elaborate on how to implement it in my java spring project.
请解释 kerberos 身份验证的内容、原因和方式。我正在使用 spring 3+。另外请详细说明如何在我的java spring项目中实现它。
回答by Martin Spa
There's an official Kerberos extension for Spring Security: http://projects.spring.io/spring-security-kerberos/
Spring Security 有一个官方的 Kerberos 扩展:http: //projects.spring.io/spring-security-kerberos/
First step is to configure Spring Security for your project. Try that with for example a temporary in-memory authentication configuration, with some hardcoded users - just to check that the rest of the configuration is O.K.
第一步是为您的项目配置 Spring Security。尝试使用例如临时内存中身份验证配置和一些硬编码用户 - 只是为了检查其余配置是否正常
Then, proceed with adding a Kerberos authentication provider, configuring the Spnego configuration and etc (everything is described in the documentation).
然后,继续添加 Kerberos 身份验证提供程序、配置 Spnego 配置等(所有内容都在文档中进行了描述)。
Check out the example (uses Java-based configuration, but it's easy to translate that to XML config): https://github.com/spring-projects/spring-security-kerberos/blob/master/spring-security-kerberos-samples/
查看示例(使用基于 Java 的配置,但很容易将其转换为 XML 配置):https: //github.com/spring-projects/spring-security-kerberos/blob/master/spring-security-kerberos-样品/
And the documentation: http://docs.spring.io/spring-security-kerberos/docs/1.0.0.RC2/reference/htmlsingle/
和文档:http: //docs.spring.io/spring-security-kerberos/docs/1.0.0.RC2/reference/htmlsingle/
回答by Abhishek Jain
I have tried to explain the what and how part of the Kerberos protocol in my blog at: Kerberos. Please feel free to checkout. A summary of the same is as follows:
我试图在我的博客中解释 Kerberos 协议的内容和方式部分:Kerberos。请随时结帐。总结如下:
Kerberos is s a trusted third-party authentication protocol designed for TCP/IP networks which is based on symmetric cryptography.
Kerberos 是一种受信任的第三方身份验证协议,专为基于对称加密的 TCP/IP 网络而设计。
Kerberos provides encrypted transport and authentication using security tokens and secure session keys, in order to secure the communication between the client and the server.
Kerberos 使用安全令牌和安全会话密钥提供加密传输和身份验证,以保护客户端和服务器之间的通信。
The kerberos model basically consists of a kerberos server which authenticates the client and provides security tokens in order to interact with a ticket granting service or the TGS. The TGS then is responsible for authenticating this client for access to the actual server.
kerberos 模型基本上由一个 kerberos 服务器组成,它对客户端进行身份验证并提供安全令牌,以便与票证授予服务或 TGS 进行交互。然后,TGS 负责验证该客户端以访问实际服务器。
I have tried to describe it in a pictorial and step by step way in my blog.
我试图在我的博客中以图片和逐步的方式描述它。
