Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Using JAAS to retrive ticket without providing a password

978809Dec 9 2012 — edited Dec 10 2012
Hi

I am trying to use JAAS in combination with SOAP. From what I understand, JAAS uses UDP (correct me if I am wrong) but that does not work for me because of some unique requirements, so right now the easy way should be to write a small SOAP client to send the username to the server where a JAAS login code is running, it will get the username and get the ticket to send it back via soap and so on.
The problem is that JAAS needs the password to get me the ticket but sending the password would defeat the purpose of using kerberos, is there a way to do this without sending the password?
for example
Use the username to get the TGT then send it via soap to the client where he will use his password to get the information, then send the needed information via soap to the server again and so on

Thanks

Comments

EJP
From what I understand, JAAS uses UDP (correct me if I am wrong)
You are wrong. JAAS doesn't use UDP. It doesn't do any networking at all. It is an API framework.
but that does not work for me because of some unique requirements
So you now need to review that decision.
978809
Thanks for the reply

When I run this code

loginCtx = new LoginContext( "Client",
new LoginCallbackHandler( username, password));

which uses this package import javax.security.auth.login.LoginContext;

It starts connecting to kerberos and I see it mentioning UDP ports in the console, I thought this was part of JAAS but it seems I was mistaken, that is not a problem now
So the question now is, is there a way to get SOAP in between the client and the kerberos without sending the username and password?
EJP
You need to do some basic reading about JAAS. Your question is too large to be answered here.
1 - 3
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Jan 7 2013
Added on Dec 9 2012
#authentication, #kerberos-java-gss-jgss
3 comments
2,061 views