Why does a GSS server need a key and not just a ticket?
Sam Hartman
hartmans at MIT.EDU
Fri Nov 7 15:49:20 EST 2003
>>>>> "Oliver" == Oliver Schoett <os at sdm.de> writes:
Oliver> I have been playing with the Sun GSS/Kerberos sample code
Oliver> in
Oliver> http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/ClientServer.html
Oliver> and noticed that the client in this scenario needs only a
Oliver> Kerberos ticket (for example, obtained from an initial
Oliver> Windows logon), whereas the server needs a key (secret
Oliver> information)|. |This creates a key management problem for
Oliver> our servers, which I would like to avoid.
So, as others have pointed out you could use user-to-user
authentication to allow the server to only end up needing a ticket.
But how would you get this ticket for the servers?
More information about the Kerberos
mailing list