Why does a GSS server need a key and not just a ticket?

Sam Hartman hartmans at MIT.EDU
Fri Nov 7 15:49:20 EST 2003


>>>>> "Oliver" == Oliver Schoett <os at sdm.de> writes:

    Oliver> I have been playing with the Sun GSS/Kerberos sample code
    Oliver> in
    Oliver> http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/ClientServer.html

    Oliver> and noticed that the client in this scenario needs only a
    Oliver> Kerberos ticket (for example, obtained from an initial
    Oliver> Windows logon), whereas the server needs a key (secret
    Oliver> information). This creates a key management problem for
    Oliver> our servers, which I would like to avoid.

So, as others have pointed out, you could use user-to-user
authentication to allow the server to only end up needing a ticket.
But how would you get this ticket for the servers?



