JAAS Kerberos login module

Ying Zhao Ying.Zhao at ithaka.org
Fri Sep 10 15:14:08 EDT 2004

Java JAAS module is not necessarily used to obtain local credentials,
right? I tried a program using a different KDC on another realm and it
still works, the only thing I needed to do is just to specify the KDC
and realm of the destination.

- Ying

-----Original Message-----
From: Jeffrey Altman [mailto:jaltman at mit.edu] 
Sent: Friday, September 10, 2004 3:02 PM
To: Ying Zhao
Cc: Derrick Schommer; krbdev at mit.edu
Subject: Re: interoperability of Kerberos client and server

The appropriate place for this discussion is kerberos at mit.edu or the 
newsgroup.  The krbdev at mit.edu mailing list is meant to be used for 
discussion on the
development of the MIT Kerberos implementation.

I am redirecting replies to kerberos at mit.edu

As a hint: Java JAAS modules do not perform network authentication.  
They are used to obtain
local credentials which may or may not be used in the future input to 
the network authentication
protocol such as GSS-API.  Java provides its own implementation of 
GSS-API Kerberos 5 for use
in communicating with other GSS-API Kerberos 5 compatible clients and 

Jeffrey Altman

Ying Zhao wrote:

>Thanks, Derrick!
>However, as far as my understanding about GSS-API, it is more like a
>peer-to-peer implementation. If I want to stick to (or at most
>"com.sun.security.auth.module.Krb5LoginModule" - a JAAS plug-in module,
>is this going to be a potential problem? From the source code, it is a
>NT implementation and I am working on tuning it for UNIX one.
>- Ying

More information about the Kerberos mailing list