Yoav S - 2 months ago
Java Question

LDAP connections pooling with kerberos authentication

The problem I am trying to solve is that when connecting with

using kerberos, we request a new
and session key every time. This puts unnecessary load on the
and on the network.

We want to either use a
connection pool BUT WITH CUSTOM authentication or somehow just reuse the

Please assist.

Thank you


There are several approaches to this:

  1. If you don't intend to pool connections, use LoginContext to obtain a Subject with your TGT, hold that TGT in memory for as long as it is valid and wrap it with an acquire/release implementation. As soon as you have your Subject, wrap the new InitialDirContext() call in a PrivilegedAction with Subject#doAs().
  2. Using a pool (this is what I do in Spring): Adapt the Commons Pool 2 solution implemented by Spring LDAP. Though, Spring's ContextSource does not support the SASL GSSAPI mechanism. Luckily, you can use my library for that.

Either way, I am using both approaches. The first approach works in a custom authenticator/realm and is blazingly fast here. I wonder why your implementation is so slow -- whatever slow means to you.
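
Approach 1 above as an added example, not the answerer's own code or library: the Subject holding the TGT is cached, a new JAAS login happens only when that ticket is missing or close to expiry, and every LDAP bind runs inside `Subject#doAs()`. The JAAS entry name `LdapClient`, the host `ldap.example.com` and the one-minute expiry margin are assumptions.

```java
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Date;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Caches one JAAS Subject (with its TGT) and reuses it for every LDAP bind.
public final class CachedKerberosLdap {
    private static final String JAAS_ENTRY = "LdapClient";                // assumed JAAS config entry
    private static final String LDAP_URL = "ldap://ldap.example.com:389"; // placeholder host
    private Subject subject;

    // Returns the cached Subject; contacts the KDC again only when no usable TGT is held.
    private synchronized Subject acquire() throws LoginException {
        if (subject == null || !hasUsableTgt(subject)) {
            LoginContext lc = new LoginContext(JAAS_ENTRY);
            lc.login();
            subject = lc.getSubject();
        }
        return subject;
    }

    private static boolean hasUsableTgt(Subject s) {
        Date limit = new Date(System.currentTimeMillis() + 60_000); // assumed 1 min safety margin
        for (KerberosTicket t : s.getPrivateCredentials(KerberosTicket.class)) {
            if (!t.isDestroyed() && t.getServer().getName().startsWith("krbtgt/")
                    && t.getEndTime().after(limit)) {
                return true;
            }
        }
        return false;
    }

    // Opens a GSSAPI-authenticated context as the cached Subject.
    public DirContext connect() throws LoginException, PrivilegedActionException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        return Subject.doAs(acquire(),
                (PrivilegedExceptionAction<DirContext>) () -> new InitialDirContext(env));
    }
}
```

The `LdapClient` entry is expected to configure `com.sun.security.auth.module.Krb5LoginModule`. Callers unwrap `PrivilegedActionException#getException()` to reach the underlying `NamingException`.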