Compatibility between SSPI and JGSS

Torrey Searle tse at swing.be
Mon Nov 10 13:09:23 EST 2003


I am trying write a java server that is compatible with a windows
application written to sspi on windows. (with kerberos)

However, I have been observing several strange things.  First of all
acceptSecContext() returns a 0 length byte array instead of null.  Is this
normal?

More seriously, it seems that if the inital context sent by the windows
client only has the Integrity flag marked (no replay detection, no sequence
detection, no confidentiality).  Then any singed messages the server sends
to the client results in a message out of sequence error on the client.

Does anybody know why this is and how I can fix it?

Torrey





More information about the Kerberos mailing list