Krb5LoginModule verify TGT?

Weijun Wang weijun.wang at oracle.com
Fri Mar 11 01:36:29 UTC 2011


Hi Christopher

I'm not familiar with that function. So it reads the user's secret key 
from a keytab and try to decrypt the TGT to see if it can successfully 
get the session key inside?

This is a part of the Krb5LoginModule login process: it receives a TGT 
from the KDC and use either the password or keytab (depending on your 
JAAS config file) to decrypt it. After the commit() method is called, 
the credentials (containing both the TGT and the session key) are stored 
as private credentials in the JAAS subject.

All public methods we have around Kerberos are APIs defined in JAAS and 
JGSS.

BTW, this mailing list is used to discuss the development of OpenJDK 
security libraries itself. For API usage or general technical support, 
it would be better to post a question in the forum. There are much more 
experts on application programming there.

    http://forums.oracle.com/forums/forum.jspa?forumID=963

Thanks
Max


On 03/11/2011 01:49 AM, cneberg wrote:
> How do I get the com.sun.security.auth.module.Krb5LoginModule login
> module to verify the TGT against a key in the keytab like is done in
> krb5_verify_init_creds() which is part of C Krb5 API?
>
> Notes on that API
>
> http://www.daemon-systems.org/man/krb5_verify_init_creds.3.html
>
> Thanks,
> Christopher
>



More information about the security-dev mailing list