SSO: Is a credential needed on the server?

Jeffrey Altman jaltman2 at
Fri Jun 11 09:08:59 EDT 2004

Rouiller Claude wrote:
> Hi
> I've just implemented an SSO with a Microsoft KDC and my Java application
> server (WLS 8.1). I've implemented a server-side security component (an
> Authentication Provider, for those who know WLS) that authenticates the
> users, using Kerberos and the GSS-API.
> On the server, I have a keytab file that I've created using Microsoft
> ktpass (equivalent of MIT's kadmin). This keytab file contains the key for
> the service principal.
> As I'm not using mutual authentication (at the GSS level), I am wondering
> whether the keytab file is really necessary on the server.
> Does it contain a key that is necessary to check the tickets provided by the
> users who attempt to become authenticated?
> Thanks,
> Claude

The key is necessary for the service to be able to read and validate the
contents of the service ticket presented to the service by the client 
which was issued by the KDC.

Jeffrey Altman

This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
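
An added illustration of the answer above (not part of the original thread, and not WLS or JGSS code): a simplified model of the exchange in which the KDC seals the ticket under the service's long-term key, so the service can recover the session key and check the client's authenticator only if it holds that key. The HMAC-based `seal`/`unseal` cipher, the field names and the sample principal are assumptions standing in for real Kerberos encryption types and ASN.1 structures.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Encrypt-then-MAC stand-in for a Kerberos enctype (NOT the real algorithm)."""
    nonce = os.urandom(16)
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("integrity check failed: wrong key or modified data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def kdc_issue(service_key, client, now):
    """KDC side: returns (ticket sealed under the service key, session key for the client)."""
    session_key = os.urandom(32)
    ticket = seal(service_key, {"client": client, "skey": session_key.hex(), "end": now + 600})
    return ticket, session_key

def client_ap_req(ticket, session_key, client, now):
    """Client side: the ticket is opaque to it; it adds an authenticator under the session key."""
    return ticket, seal(session_key, {"client": client, "ts": now})

def service_accept(keytab_key, ticket, authenticator, now, skew=300):
    """Service side: every later check depends on first opening the ticket with the keytab key."""
    t = unseal(keytab_key, ticket)
    if now > t["end"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["skey"]), authenticator)  # session key came out of the ticket
    if a["client"] != t["client"] or abs(now - a["ts"]) > skew:
        raise ValueError("authenticator does not match ticket")
    return t["client"]

if __name__ == "__main__":
    svc_key = hashlib.sha256(b"constructed-service-key").digest()  # constructed sample key
    tkt, sk = kdc_issue(svc_key, "alice@EXAMPLE.COM", 1000)        # constructed principal
    print(service_accept(svc_key, *client_ap_req(tkt, sk, "alice@EXAMPLE.COM", 1000), 1000))
```

In this model a service without the key cannot tell a KDC-issued ticket from arbitrary bytes, whether or not mutual authentication is requested.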
