[security-dev 00998]: CCAPI in Java
Weijun Wang
Weijun.Wang at Sun.COM
Wed Jul 22 03:49:11 UTC 2009
Hi Shawn
Earlier this year, you've asked me about supporting CCAPI in Java. At
the time, our Java JGSS provider only support the FILE ccache reading.
(We do have a native bridge to GSSAPI but that provider is not turned on
by default).
I'm creating a native bridge to CCAPI now.
Some questions:
1. How can I create a non-FILE ccache for a test?
2. How likely is that a non-FILE ccache will be used in practice
nowadays? Currently the Java build machine of Solaris is still S10 6/06.
Since Kerberos 5 API are introduced in S10 8/07, I need a strong reason
to persuade the release team to upgrade or add krb5.h to the building
environment.
3. I'm writing my codes based on the klist program in MIT krb5-1.7,
which include calls to these functions:
krb5_init_context
krb5_cc_default
krb5_cc_get_name
krb5_cc_get_type
krb5_cc_set_flags
krb5_cc_start_seq_get
krb5_cc_next_cred
krb5_unparse_name
krb5_free_unparsed_name
krb5_free_cred_contents
krb5_cc_end_seq_get
krb5_free_context
How about the compatibility of these functions with previous/other
versions of krb5? Since JGSS already supports reading FILE ccache, I
won't care about the old krb5 versions that also only supports FILE ccache.
Thanks
Max
More information about the security-dev
mailing list