How to use gssapi in java applet?

vadim vadim.tarassov at swissonline.ch
Thu Sep 28 02:33:10 EDT 2006


On Thu, 2006-09-28 at 12:21 +0800, lizhong wrote:
> Hi all,
>     I'm trying to build a applet client to connect to the gss-server.c program(in kerberos/src/app/gss-sample). I read this page:
> http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html
>     And I have already built a java application client to connect to the C server. Like this:
> D:\test\client>java -Djava.security.krb5.realm=stg.com -Djava.security.krb5.kdc=192.168.100.100 -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=bcsLogin.conf SampleClient vnc/gdnode014 192.168.100.14 4444
> Connected to server /192.168.100.14
> Kerberos username [Administrator]: test/admin
>  test/admin 的 Kerberos key: xxxxxx
> Will send token of size 453 from initSecContext.
> Will read input token of size 114 for processing by initSecContext
> Context Established!
> Client is test/admin at stg.com
> Server is vnc/gdnode014
> Mutual authentication took place!
> Will send wrap token of size 61
> Will read token of size 37
> Verified received MIC for message.
> Exiting...
> 
> D:\test\client>
> 
>     But how can I change this client to a applet? I have two questions:
> 1.How can I use the parameters of cmd "java"(such as " -Djava.security.krb5.realm=stg.com ") to start the applet?

With command line argument starting with "-D" you define java system
properties. Same you can do with API System.setProperty()

> 2.How can I input the username and password? In the java application, this work is done by token = context.initSecContext(token, 0, token.length), and the output/input are in the stdio form.

You should continue to read the tutorial, namely the "JAAS
Authentication" part of it. It is not context.initSecContext() who asks
you for password, but default callback handler of the JAAS
"Krb5LoginModule" authentication module. You can develop your own
callback handler in swing if you wish. 

regards, vadim tarassov
> 
>     Thank you for any help!
> 
> --
> LiZhong
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos




More information about the Kerberos mailing list