Single Sign-on Using Kerberos in Java

Rouiller Claude claude.rouiller at
Wed Jun 2 13:05:05 EDT 2004


I'm trying to make run an example found on the web site. 
This example is issued of a paper called "Single Sign-on Using Kerberos in
Java" and is based on JAAS and the GSS-API.

If I understand Kerberos all right, the Kerberized service (called server in
this example) and the KDC have to share a secret key.
This shared secret key will be encrpyted with the client's secret key and
returned by the TGS, when the client requests a service ticket.

Now, I want to make this run on the following environment:
KDC: Windows 2003
client: Windows XP with Java 1.4.2
server: Solaris with Java 1.4.2

There are two things I don't understand:

1) When will the client request the service ticket? (How does it request a
service ticket, using JAAS and GSS?)

2) How do the Kerberized service and the KDC share the secret keys? My
understanding is that there must be one shared key per pair of user/service,
is that right? 
(I've found something about a microsoft tool called ktpass, but i think it
is only used to bound the service principal to the windows account name.)

Thanks in advance


More information about the Kerberos mailing list