I am trying to use JAAS in combination with SOAP. From what I understand, JAAS uses UDP (correct me if I am wrong) but that does not work for me because of some unique requirements, so right now the easy way should be to write a small SOAP client to send the username to the server where a JAAS login code is running, it will get the username and get the ticket to send it back via soap and so on.
The problem is that JAAS needs the password to get me the ticket but sending the password would defeat the purpose of using kerberos, is there a way to do this without sending the password?
Use the username to get the TGT then send it via soap to the client where he will use his password to get the information, then send the needed information via soap to the server again and so on
loginCtx = new LoginContext( "Client",
new LoginCallbackHandler( username, password));
which uses this package import javax.security.auth.login.LoginContext;
It starts connecting to kerberos and I see it mentioning UDP ports in the console, I thought this was part of JAAS but it seems I was mistaken, that is not a problem now
So the question now is, is there a way to get SOAP in between the client and the kerberos without sending the username and password?