GSS Server without secret key?
Douglas E. Engert
deengert at anl.gov
Fri Nov 7 09:50:52 EST 2003
Gustavo Rios wrote:
>
> Oliver Schoett <os at sdm.de> wrote in message news:<3FAA2DAF.7010904 at sdm.de>...
> > I have been playing with the Sun GSS/Kerberos sample code in
> >
> > http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/ClientServer.html
> >
> > and noticed that the client in this scenario needs only a Kerberos
> > ticket (for example, obtained from an initial Windows logon), whereas
> > the server needs a secret key. This creates a key management problem
> > for our servers, which I would like to avoid.
> >
> > Why is it that the server needs a key, when in principle, a ticket
> > should be enough to prove one's identity? Is there a way to avoid the
> > key management problem for servers?
Three reasons:
(1) You want the server to identify itself to the client, mutual authentication.
(2) When using symmetric key technology, the client and the server need to share
some secret. With Kerberos they use a third party, the KDC with which they
each share a secret. The KDC then gives the client a ticket which has a session key
encrypted for the client and for the server. The client gives it to the server,
who can decrypt it using the secret key.
(3) It avoids man in the middle attacks.
The management of the server's secret key is what you pay for this.
> >
> > Oliver Schoett
>
> A ticket is not enough to prove one's identity! It is necessary to
> prove so, but not enough. About the server requirement for a key, my
> suggestion is for reading some documentation on how kerberos works,
> i.e., do the home work.
>
> best regards.
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
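The three reasons above, as an added illustration that is not part of this thread: a stripped-down simulation of the Kerberos ticket flow. The KDC holds each principal's long-term key and encrypts one fresh session key twice (in the ticket under the server's key, in the reply under the client's key); the server can only recover that session key, verify the client's authenticator and answer for mutual authentication if it holds its own secret key. The cipher is a toy HMAC-based construction standing in for real Kerberos encryption types, and the principal names, timestamp and keys are constructed for the example.

```python
import hashlib, hmac, json, secrets

# Toy authenticated cipher (HMAC keystream + HMAC tag). It is NOT a Kerberos
# encryption type; it only lets the exchange run with the standard library.
def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range((n + 31) // 32))
    return out[:n]

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def kdc_issue(keys: dict, client: str, server: str):
    """KDC: shares a long-term key with every principal, mints the session key."""
    sk = secrets.token_bytes(32)
    ticket = toy_encrypt(keys[server], json.dumps({"client": client, "sk": sk.hex()}).encode())
    reply = toy_encrypt(keys[client], json.dumps({"server": server, "sk": sk.hex()}).encode())
    return ticket, reply  # ticket is opaque to the client; reply is opaque to the server

def client_ap_req(client_key: bytes, reply: bytes, ticket: bytes, client: str, ts: int):
    sk = bytes.fromhex(json.loads(toy_decrypt(client_key, reply))["sk"])
    authenticator = toy_encrypt(sk, json.dumps({"client": client, "ts": ts}).encode())
    return ticket, authenticator, sk

def server_accept(server_key: bytes, ticket: bytes, authenticator: bytes, ts: int):
    # Without its own key the server cannot open the ticket, so the session key
    # (and therefore the client's proof) is unreachable: reason (2) in the post.
    t = json.loads(toy_decrypt(server_key, ticket))
    sk = bytes.fromhex(t["sk"])
    a = json.loads(toy_decrypt(sk, authenticator))
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    # Mutual authentication (reason 1): only a holder of the session key, hence
    # of the server key, can produce this reply; a man in the middle cannot (reason 3).
    return a["client"], toy_encrypt(sk, json.dumps({"ts": ts}).encode())

def demo():
    client, server, ts = "alice@EXAMPLE.COM", "host/srv.example.com@EXAMPLE.COM", 1068216652
    keys = {client: secrets.token_bytes(32), server: secrets.token_bytes(32)}  # constructed
    ticket, reply = kdc_issue(keys, client, server)
    ticket, auth, sk = client_ap_req(keys[client], reply, ticket, client, ts)
    who, ap_rep = server_accept(keys[server], ticket, auth, ts)
    mutual_ok = json.loads(toy_decrypt(sk, ap_rep))["ts"] == ts
    try:  # a "server" holding no secret key cannot accept the same ticket
        server_accept(secrets.token_bytes(32), ticket, auth, ts)
        keyless_fails = False
    except ValueError:
        keyless_fails = True
    return who, mutual_ok, keyless_fails
```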