Posted: Tue Jul 15, 2014 5:04 am Post subject: Mobile apps and telemetry security design
Disciple
Joined: 22 Jan 2014 Posts: 164
hi
need some advice on my mobile app design.
Say I have users using mobile app which will login to my Windows domain using an id and password. I am using telemetry for this mobile app. ie Users are going to publish/subscribe using telemetry.
I also want the users to be authenticated using Kerberos. My app will probably use some Java api such as javax.security.auth.Subject to get the kerberos ticket from the currently logged on user. Then this ticket will somehow need to end up at my MQ server which is running the MQTT channel service and get authentiated through JAAS login module.
MQTT channels support the JAAS login module. Hence I will need to create a custom authentication module because the IBM class called com.ibm.security.auth.module.Krb5LoginModule need to be supplied with a useCcache = file:///somewhere/krb5cc_[username] parameter.
How can I pass the ticket from the mobile app (client) side to my MQ server? I am thinking of passing the ticket into the setPassWord() method of the MQTTConnectOptions class. And then my custom authentication module with get this "password" and write it to a physical credential file. The path of the credential file will be supplied to com.ibm.security.auth.module.Krb5LoginModule.
Is there a better or seamless way than this to authenticate mobile users using Kerberos?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum