Enterprise authentication with Kerberos (was Re: Smalltalk Argument)
Locked
 
|
Kerberos deserves its own topic rather than mixing in with the Smalltalk Argument one that now stands at 53 posts. Hopefully I've managed to extract pertinent parts of this thread.
On Thu, Oct 26, 2017 at 8:52 PM, henry <[hidden email]> wrote: Perhaps not, or not yet. Perhaps it is the communications foundation for an always-on cloud/bigData control layer. On Thu, Oct 26, 2017 at 9:15 PM, henry <[hidden email]> wrote: I think another good service to integrate well to is Elastic Search. A Kerberos effort will have to be a group effort. Sideways to my main focus and your all’s main focii. On Thu, Oct 26, 2017 at 11:39 PM, Paulo R. Dellani <[hidden email]> wrote:
On Fri, Oct 27, 2017 at 6:06 AM, [hidden email] <[hidden email]> wrote:
On Sat, Oct 28, 2017 at 4:51 AM, henry <[hidden email]> wrote: How about Kerberos? Can we get a team to look closely at bringing integration for enterprise users? That would be helpful, or can you just put it behind a Kerberos wrapper? If that would work, collecting a demo, that could unlock more corporate wallets , for investment. |
|
|
> On Thu, Oct 26, 2017 at 3:14 PM, [hidden email] <[hidden email]> wrote:
>> >> Sure. Current main issue is to have Pharo work with Kerberos as secured Hadoop uses the UGI (UserGroupInformation) thing and that is a black hole of crypto things. > > > On Thu, Oct 26, 2017 at 9:15 PM, henry <[hidden email]> wrote: >> >> Of the 4 types of integration, I vote for and step forward to volunteer to help Kerberos integration in Pharo. What to do? > > > On Thu, Oct 26, 2017 at 11:39 PM, Paulo R. Dellani <[hidden email]> wrote: >> >> This all sounds very interesting. What is the idea? Wrap libkrb5 through UFFI or implement it in Smalltalk? > > > On Fri, Oct 27, 2017 at 6:06 AM, [hidden email] <[hidden email]> wrote: >> >> There are two key Kerberos implementations one can use with Hadoop. >> One is the FreeIpa/RedHat IdM. >> The other is ActiveDirectory. >> >> I am using FreeIPA which bundles MIT Kerberos/389/sssd and more for making a CA etc. Works wonderfullý well. >> >> AD is well ... part of the corporate landdscape. >> >> Most of Kerberos needs are done with Java in Hadoop. But details are buried in private Sun classes.. >> >> >> On Thu, Oct 26, 2017 at 6:23 PM, henry <[hidden email]> wrote: >>> >>> I have no idea which is best. For being able to say we use industry standard Kerberos, calling an accepted implementation seems wise, like OpenSSL support. > > > On Sat, Oct 28, 2017 at 4:51 AM, henry <[hidden email]> wrote: >> >> How about Kerberos? Can we get a team to look closely at bringing integration for enterprise users? That would be helpful, or can you just put it behind a Kerberos wrapper? If that would work, collecting a demo, that could unlock more corporate wallets , for investment. >> >> I'm not very familiar with the domain, but maybe we should consider GSSAPI & SSPI. "The dominant GSSAPI mechanism implementation in use is Kerberos. Unlike the GSSAPI, the Kerberos API has not been standardized and various existing implementations use incompatible APIs. The GSSAPI allows Kerberos implementations to be API compatible." [1] "SSPI is a proprietary variant of GSSAPI with extensions and very Windows-specific data types" [2] SSPI/Kerberos Interoperability with GSSAPI cheers -ben |
«
Return to Pharo Smalltalk Users
|
1 view|%1 views
| Free forum by Nabble | Edit this page |