Krb5LoginModule verify TGT?
Weijun Wang
weijun.wang at oracle.com
Fri Mar 11 01:36:29 UTC 2011
Hi Christopher
I'm not familiar with that function. So it reads the user's secret key
from a keytab and try to decrypt the TGT to see if it can successfully
get the session key inside?
This is a part of the Krb5LoginModule login process: it receives a TGT
from the KDC and use either the password or keytab (depending on your
JAAS config file) to decrypt it. After the commit() method is called,
the credentials (containing both the TGT and the session key) are stored
as private credentials in the JAAS subject.
All public methods we have around Kerberos are APIs defined in JAAS and
JGSS.
BTW, this mailing list is used to discuss the development of OpenJDK
security libraries itself. For API usage or general technical support,
it would be better to post a question in the forum. There are much more
experts on application programming there.
http://forums.oracle.com/forums/forum.jspa?forumID=963
Thanks
Max
On 03/11/2011 01:49 AM, cneberg wrote:
> How do I get the com.sun.security.auth.module.Krb5LoginModule login
> module to verify the TGT against a key in the keytab like is done in
> krb5_verify_init_creds() which is part of C Krb5 API?
>
> Notes on that API
>
> http://www.daemon-systems.org/man/krb5_verify_init_creds.3.html
>
> Thanks,
> Christopher
>
More information about the security-dev
mailing list