Forum Stats

  • 3,784,353 Users
  • 2,254,928 Discussions
  • 7,880,790 Comments

Discussions

Using JAAS to retrive ticket without providing a password

978809
978809 Member Posts: 2
edited Dec 10, 2012 3:32AM in Kerberos & Java GSS (JGSS)
Hi

I am trying to use JAAS in combination with SOAP. From what I understand, JAAS uses UDP (correct me if I am wrong) but that does not work for me because of some unique requirements, so right now the easy way should be to write a small SOAP client to send the username to the server where a JAAS login code is running, it will get the username and get the ticket to send it back via soap and so on.
The problem is that JAAS needs the password to get me the ticket but sending the password would defeat the purpose of using kerberos, is there a way to do this without sending the password?
for example
Use the username to get the TGT then send it via soap to the client where he will use his password to get the information, then send the needed information via soap to the server again and so on

Thanks
Tagged:

Answers

  • EJP
    EJP Member Posts: 32,920 Gold Crown
    From what I understand, JAAS uses UDP (correct me if I am wrong)
    You are wrong. JAAS doesn't use UDP. It doesn't do any networking at all. It is an API framework.
    but that does not work for me because of some unique requirements
    So you now need to review that decision.
  • 978809
    978809 Member Posts: 2
    Thanks for the reply

    When I run this code

    loginCtx = new LoginContext( "Client",
    new LoginCallbackHandler( username, password));

    which uses this package import javax.security.auth.login.LoginContext;

    It starts connecting to kerberos and I see it mentioning UDP ports in the console, I thought this was part of JAAS but it seems I was mistaken, that is not a problem now
    So the question now is, is there a way to get SOAP in between the client and the kerberos without sending the username and password?
  • EJP
    EJP Member Posts: 32,920 Gold Crown
    You need to do some basic reading about JAAS. Your question is too large to be answered here.
This discussion has been closed.