Exemplary embodiments relate generally to providing authentication in a computer environment, and more particularly, to methods, systems and computer program products for providing Kerberos authentication in a computer environment.
Using the Internet to transmit data requires security in order to prevent unauthorized use of data and/or applications. Because tools to “sniff” passwords off the network are in common use by system crackers, applications that send unencrypted passwords over the network are vulnerable to security breaches. Other client/server applications rely on the client program to be “honest” about the identity of the user who is using it. Still other applications rely on the client to restrict its activities to those that it is allowed to do, with no enforcement by the server.
Some sites attempt to use firewalls to solve network security problems. This approach assumes that the “bad guys” are on the outside, which may not always be the case. Firewalls also have the disadvantage that they restrict how users can utilize the Internet. These restrictions may not be realistic and/or acceptable to users of the system.
Network security may also be addressed by using a tool such as Kerberos. Kerberos is a network authentication protocol developed at the Massachusetts Institute of Technology (MIT) to allow users and services to authenticate themselves to each other. Kerberos is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of Kerberos is available from MIT. Kerberos is also available as a professionally supported product from several different vendors. The Kerberos protocol uses cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can encrypt and/or digitally sign all of their communications to assure privacy and data integrity as they interact.
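The exchange just described, as an added illustration that is not part of this specification: a key distribution center (KDC) holding every principal's long-term key issues a ticket sealed under the service's key together with a fresh session key for the client; the client proves possession of the session key with an authenticator; the service proves it holds the service key by decrypting the ticket and echoing the client's timestamp back under the session key (mutual authentication). The principal names "alice" and "wls", the lifetimes and the stdlib-only toy cipher (SHA-256 keystream plus HMAC tag) are constructed for the example and stand in for the real Kerberos encryption types; the separate ticket-granting step of the real protocol is collapsed into one request.

```python
import hashlib
import hmac
import json
import os
import time


# Toy authenticated encryption from the standard library only (constructed for
# this example; a real deployment uses the Kerberos enctypes such as AES-CTS).
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, message: dict) -> bytes:
    """Encrypt a JSON message under key and append an HMAC tag: nonce || ct || tag."""
    plaintext = json.dumps(message, sort_keys=True).encode()
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(key: bytes, blob: bytes) -> dict:
    """Verify the tag, then decrypt. Raises ValueError on a wrong key or tampering."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or tampered message")
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))
    return json.loads(plaintext)


class KDC:
    """Trusted third party: knows each principal's long-term key, never sends it out."""

    def __init__(self, principal_keys: dict):
        self.keys = principal_keys

    def issue_ticket(self, client: str, service: str, lifetime: int = 300) -> bytes:
        session_key = os.urandom(32)
        # The ticket is readable only by the service; the client just forwards it.
        ticket = seal(self.keys[service], {
            "client": client, "service": service,
            "session_key": session_key.hex(), "expires": int(time.time()) + lifetime,
        })
        # The reply is readable only by the client, who learns the session key from it.
        return seal(self.keys[client], {
            "service": service, "session_key": session_key.hex(), "ticket": ticket.hex(),
        })


def client_request(kdc_reply: bytes, client_key: bytes, client: str):
    """Decrypt the KDC reply and build the authenticator proving we hold the session key."""
    creds = open_sealed(client_key, kdc_reply)
    session_key = bytes.fromhex(creds["session_key"])
    timestamp = int(time.time())
    authenticator = seal(session_key, {"client": client, "timestamp": timestamp})
    return bytes.fromhex(creds["ticket"]), authenticator, session_key, timestamp


def server_accept(service_key: bytes, ticket: bytes, authenticator: bytes,
                  expected_service: str, skew: int = 300):
    """Validate ticket and authenticator; return (client principal, mutual-auth reply)."""
    now = int(time.time())
    t = open_sealed(service_key, ticket)  # only the real service can do this
    if t["service"] != expected_service or t["expires"] < now:
        raise PermissionError("ticket is for another service or has expired")
    session_key = bytes.fromhex(t["session_key"])
    a = open_sealed(session_key, authenticator)  # proves the client knows the session key
    if a["client"] != t["client"] or abs(a["timestamp"] - now) > skew:
        raise PermissionError("authenticator does not match ticket or is stale")
    # Echoing the timestamp under the session key proves to the client that the
    # server could read the ticket, i.e. that it holds the service key.
    return t["client"], seal(session_key, {"timestamp": a["timestamp"]})


def client_verify_server(session_key: bytes, server_reply: bytes, sent_timestamp: int) -> bool:
    return open_sealed(session_key, server_reply)["timestamp"] == sent_timestamp


def run_demo() -> dict:
    """Full exchange plus one negative case; returns the outcomes for checking."""
    keys = {"alice": os.urandom(32), "wls": os.urandom(32), "other": os.urandom(32)}
    kdc = KDC(keys)
    reply = kdc.issue_ticket("alice", "wls")
    ticket, authenticator, session_key, ts = client_request(reply, keys["alice"], "alice")
    principal, server_reply = server_accept(keys["wls"], ticket, authenticator, "wls")
    mutual_ok = client_verify_server(session_key, server_reply, ts)
    # A host holding a different service key cannot read, let alone accept, the ticket.
    try:
        server_accept(keys["other"], ticket, authenticator, "other")
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    return {"principal": principal, "mutual_ok": mutual_ok, "wrong_key_rejected": wrong_key_rejected}


if __name__ == "__main__":
    print(run_demo())
```

The point the model makes visible is the one the passage states: no password or long-term key ever crosses the network, the client cannot read or alter the ticket it forwards, and both sides end up holding a session key under which later traffic can be encrypted or signed.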
WebLogic Server (WLS) from BEA Systems, Incorporated includes an application infrastructure for developing, integrating, securing and managing distributed service-oriented applications. WLS is a standards-based application server providing a foundation on which an enterprise can build its client/server applications. It may be utilized to support application development and application deployment, including integrating enterprise systems and databases, delivering services and collaborating over the Internet.
In many cases clients are authenticated to Kerberos during client start-up, and Kerberos authentication is utilized to provide security between the client and services invoked by the client. WLS, as currently implemented, does not support an interface to Kerberos, and therefore Kerberos cannot be utilized to provide security between the client and WLS. The ability to utilize Kerberos to provide security between a client and WLS would be desirable.