Back Ground:
We have an existing Kerberos utility (developed using sun GSS API), which can be used by either web application/a standalone java based application to accept service ticket for a specific service or delegate GSS credentials to fetch a service ticket for another service.
Requirement:
Since our utility was developed using sun GSS API, it only works if all the services exists in single domain as the sun GSS API cannot understand reference tickets generated for cross domain authentication.
We now have a plan to develop this utility that allows to communicate services exist in multiple domains, for this purpose we are planning to use VSJ. We still wanted the client remain the same(either web application or a standalone application) for this utility.
1. Is there a way to integrate VSJ with the existing Kerberos utility(just by providing the VSJ security provider), so that without changing the existing utility code the cross domain authentication is successful?
2. If step1 is not possible, What configuration steps/additional VSJ APIs need to be used to achieve cross functionality. If any specific guide/documentation/any pointers available please point me to the same.
Thanks,
Naga