interoperability of Kerberos client and server
Jeffrey Altman
jaltman at MIT.EDU
Fri Sep 10 15:02:23 EDT 2004
The appropriate place for this discussion is kerberos at mit.edu or the
comp.protocols.kerberos
newsgroup. The krbdev at mit.edu mailing list is meant to be used for
discussion on the
development of the MIT Kerberos implementation.
I am redirecting replies to kerberos at mit.edu
As a hint: Java JAAS modules do not perform network authentication.
They are used to obtain
local credentials which may or may not be used in the future input to
the network authentication
protocol such as GSS-API. Java provides its own implementation of
GSS-API Kerberos 5 for use
in communicating with other GSS-API Kerberos 5 compatible clients and
servers.
Jeffrey Altman
Ying Zhao wrote:
>Thanks, Derrick!
>
>However, as far as my understanding about GSS-API, it is more like a
>peer-to-peer implementation. If I want to stick to (or at most customize
>with)
>"com.sun.security.auth.module.Krb5LoginModule" - a JAAS plug-in module,
>is this going to be a potential problem? From the source code, it is a
>NT implementation and I am working on tuning it for UNIX one.
>
>Thanks,
>- Ying
>
>
>
More information about the krbdev
mailing list