How to use gssapi in java applet?
Seema.Malkani at Sun.COM
Mon Oct 2 14:24:00 EDT 2006
Here are your options:
1) Install the Kerberos configuration file instead of using system
"java.security.krb5.kdc" and "java.security.krb5.realm".
2) Set system properties via java.lang.System class
e.g System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
3) Configure the Krb5LoginModule programmatically.
Refer to following for details:
lizhong wrote On 09/29/06 02:44,:
>I want to use the vnc applet client ,and need to modify the source code for kerberos authentication and data encryption. So I want the applet to be as easy to use as possible, and I hope no local file would be used in this process(for applet cannot visite local files without changing the security policy). I think that the example in this page( http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html ) quite fits my needs, except that it's not a applet. This gssapi example uses no ticket cache files, and the user just needs to enter their kerberos username and password. But the Krb5LoginModule it uses only supports standard input and output, like this:
>D:\test\client>java -Djava.security.krb5.realm=stg.com -Djava.security.krb5.kdc=192.168.100.100 -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=bcsLogin.conf SampleClient vnc/gdnode014 192.168.100.14 4444
>Connected to server /192.168.100.14
>Kerberos username [Administrator]: test/admin
> test/admin ç�� Kerberos key: xxxxxx
>Will send token of size 453 from initSecContext.
>Will read input token of size 114 for processing by initSecContext
>Client is test/admin at stg.com
>Server is vnc/gdnode014
>Mutual authentication took place!
>Will send wrap token of size 61
>Will read token of size 37
>Verified received MIC for message.
>In a word, I want an applet implement which demonstrating the use of the Java GSS-API for secure exchanges of messages, without using local files. The user doesn't need to know any detail of kerberos or gssapi, and what they need to do is just to open an IE, go to my site, enter their username and password.
>Is there such implements already beening developed? Or I have to read the source code of Krb5LoginModule, and develop my own LoginModule for java applet?
>Thank you for any help!
>Kerberos mailing list Kerberos at mit.edu
More information about the Kerberos