The problem I am trying to solve is that when connecting with LDAP using Kerberos, we request a new TGT and session key every time. This puts unnecessary load on the KDC and on the network.

We want to either use an LDAP connection pool BUT WITH CUSTOM authentication, or somehow just reuse the TGT.

Please assist.

Thank you
There are several approaches to this:

1. Use LoginContext to obtain a Subject with your TGT, hold that TGT in memory for as long as it is valid and wrap it with an acquire/release implementation. As soon as you have your Subject, wrap the new InitialDirContext() call in a PrivilegedAction with Subject#doAs().

2. ContextSource does not support the SASL GSSAPI mechanism. Luckily, you can use my library for that.

Either way, I am using both approaches. The first approach works in a custom authenticator/realm and is blazingly fast here. I wonder why your implementation is so slow -- whatever slow means to you.
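The first approach in the answer above (JAAS LoginContext, a cached Subject holding the TGT, and the JNDI bind executed inside Subject.doAs) written out as an added example; this is not code from the question, the answer, or the answerer's library. The JAAS entry name "LdapClient", the keytab path and principal in the commented configuration, and the LDAP URL are placeholders, and the five-minute refresh margin is a chosen value, not something the thread specifies.

```java
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/*
 * Assumed JAAS configuration (passed via -Djava.security.auth.login.config=...),
 * placeholder values only:
 *
 * LdapClient {
 *   com.sun.security.auth.module.Krb5LoginModule required
 *     useKeyTab=true keyTab="/etc/app/svc.keytab"
 *     principal="svc-ldap@EXAMPLE.COM" storeKey=true doNotPrompt=true;
 * };
 */
public final class KerberosLdapConnector {

    // Re-authenticate this long before the cached TGT actually expires (chosen value).
    private static final long REFRESH_MARGIN_MS = 5 * 60 * 1000L;

    private final String jaasEntry; // placeholder: "LdapClient"
    private final String ldapUrl;   // placeholder: "ldap://ldap.example.com:389"
    private LoginContext loginContext;
    private Subject subject;

    public KerberosLdapConnector(String jaasEntry, String ldapUrl) {
        this.jaasEntry = jaasEntry;
        this.ldapUrl = ldapUrl;
    }

    /** Acquire: return the cached Subject, logging in again only when the TGT is missing or near expiry. */
    private synchronized Subject acquireSubject() throws LoginException {
        if (subject == null || !hasUsableTgt(subject)) {
            release(); // destroy the old credentials before replacing them
            LoginContext lc = new LoginContext(jaasEntry);
            lc.login();            // one KDC round trip; AS-REQ for the TGT
            loginContext = lc;
            subject = lc.getSubject();
        }
        return subject;
    }

    /** Release: log out so the Krb5LoginModule destroys the ticket held in the Subject. */
    public synchronized void release() {
        if (loginContext != null) {
            try { loginContext.logout(); } catch (LoginException ignored) { /* already gone */ }
            loginContext = null;
            subject = null;
        }
    }

    /** A Subject is usable if it holds a current krbtgt ticket that is not about to expire. */
    private static boolean hasUsableTgt(Subject s) {
        long deadline = System.currentTimeMillis() + REFRESH_MARGIN_MS;
        for (KerberosTicket t : s.getPrivateCredentials(KerberosTicket.class)) {
            boolean isTgt = t.getServer().getName().startsWith("krbtgt/");
            if (isTgt && t.isCurrent() && t.getEndTime().getTime() > deadline) {
                return true;
            }
        }
        return false;
    }

    @FunctionalInterface
    public interface LdapOperation<T> {
        T run(DirContext ctx) throws NamingException;
    }

    /**
     * Run an LDAP operation as the cached Subject. The GSSAPI bind reuses the TGT;
     * only a service ticket (TGS-REQ) is fetched, and the JDK caches that in the Subject too.
     */
    public <T> T withContext(LdapOperation<T> op) throws Exception {
        Subject s = acquireSubject();
        try {
            return Subject.doAs(s, (PrivilegedExceptionAction<T>) () -> {
                Hashtable<String, String> env = new Hashtable<>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, ldapUrl);
                env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
                env.put("javax.security.sasl.qop", "auth-conf"); // integrity + confidentiality on the wire
                DirContext ctx = new InitialDirContext(env);
                try {
                    return op.run(ctx);
                } finally {
                    ctx.close();
                }
            });
        } catch (PrivilegedActionException e) {
            throw e.getException(); // unwrap the NamingException from the action
        }
    }
}
```

Usage is `new KerberosLdapConnector("LdapClient", "ldap://ldap.example.com:389").withContext(ctx -> ctx.getAttributes("cn=svc,dc=example,dc=com"))`; every call binds with GSSAPI, but the AS exchange with the KDC happens once per TGT lifetime instead of once per connection. Call release() on shutdown so the ticket is destroyed rather than left in heap memory, and keep the Subject private to the component that needs it, since anything that can run Subject.doAs with it can act as that principal.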