Why does a GSS server need a key and not just a ticket?

Oliver Schoett os at sdm.de
Thu Nov 6 06:01:11 EST 2003


I have been playing with the Sun GSS/Kerberos sample code in

    http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/ClientServer.html

and noticed that the client in this scenario needs only a Kerberos 
ticket (for example, obtained from an initial Windows logon), whereas 
the server needs a key (secret information)|. |This creates a key 
management problem for our servers, which I would like to avoid.

Why is it that the server needs a key, when in principle, a ticket 
should be enough to prove one's identity?

Oliver Schoett


More information about the Kerberos mailing list