SSO: Is a credential needed on the server ?
Rouiller Claude
claude.rouiller at rtc.ch
Fri Jun 11 08:27:30 EDT 2004
Hi
I've just implemented a SSO with a Microsoft KDC and my Java application
server (WLS 8.1). I've implemented a server-side security component (an
Authentication Provider, for those who know WLS) that authenticates the
users, using Kerberos and the GSS-API.
On the server, I have a keytab file, that I've created using Microsoft
ktpass (equivalent of MIT's kadmin). This keytab file contains the key for
the service principal.
As I'm not using mutual authentication (at the GSS level), I am wondering
whether the keytab file is really necessary on the server.
Does it contain a key that is necessary to check the tickets provided by the
users who attempt to become authenticated?
Thanks,
Claude
More information about the Kerberos
mailing list