GSS Server without secret key?

Gustavo Rios gustavo.rios at terra.com.br
Thu Nov 6 22:28:07 EST 2003


Oliver Schoett <os at sdm.de> wrote in message news:<3FAA2DAF.7010904 at sdm.de>...
> I have been playing with the Sun GSS/Kerberos sample code in
> 
> http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/ClientServer.html
> 
> and noticed that the client in this scenario needs only a Kerberos
> ticket (for example, obtained from an initial Windows logon), whereas
> the server needs a secret key.  This creates a key management problem
> for our servers, which I would like to avoid.
> 
> Why is it that the server needs a key, when in principle, a ticket
> should be enough to prove one's identity?  Is there a way to avoid the
> key management problem for servers?
> 
> Oliver Schoett

A ticket is not enough to prove one's identity! It is necessary to
prove so, but not enough. About the server requirement for a key, my
suggestion is to read some documentation on how Kerberos works,
i.e., do the homework.

best regards.

