SSO: Is a credential needed on the server ?
Jeffrey Altman
jaltman2 at nyc.rr.com
Fri Jun 11 09:08:59 EDT 2004
Rouiller Claude wrote:
> Hi
>
> I've just implemented a SSO with a Microsoft KDC and my Java application
> server (WLS 8.1). I've implemented a server-side security component (an
> Authentication Provider, for those who know WLS) that authenticates the
> users, using Kerberos and the GSS-API.
>
> On the server, I have a keytab file, that I've created using Microsoft
> ktpass (equivalent of MIT's kadmin). This keytab file contains the key for
> the service principal.
>
> As I'm not using mutual authentication (at the GSS level), I am wondering
> whether the keytab file is really necessary on the server.
> Does it contain a key that is necessary to check the tickets provided by the
> users who attempt to become authenticated?
>
> Thanks,
> Claude
The key is necessary for the service to be able to read and validate the
contents of the service ticket presented to the service by the client
which was issued by the KDC.
Jeffrey Altman
--
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
More information about the Kerberos
mailing list