Kerberos Authentication in Java - does the "login" action in Java equal "kinit"?


I am using GSSAPI in Java to log in to an LDAP server using Kerberos authentication. I'm new to Kerberos, so I'm sorry if this is an obvious question, but I did not find enough about this on the Internet.

I follow the following steps:

  1. Define the login configuration by setting the system property "java.security.auth.login.config" to the configuration file path.
  2. Call LoginContext.login() with the configuration name and a self-contained callback handler.
  3. If the login is successful, "impersonate" the subject (by using Subject.doAs()) and connect to the LDAP server by creating a new InitialLdapContext with the appropriate environment variables.

Now, my problem is that I do not understand which Kerberos action happens in which phase. Is it right to say that I have only a TGT after the login process? When will I get a service-specific ticket?

Thank you, Wiki

The class com.sun.security.auth.module.Krb5LoginModule is Sun's implementation of a login module for the Kerberos version 5 protocol. After successful authentication, the ticket-granting ticket (TGT) is stored in the subject's private credentials set and the Kerberos principal is stored in the subject's principal set.

(taken from)

This means that LoginContext.login is actually equivalent to kinit: after either of them, we have a TGT.

The service ticket will be obtained and used later, according to the action performed in Subject.doAs().
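
The three steps from the question, as an added example that is not the poster's or the JDK's own code: it prints the Subject's Kerberos tickets after login() and again after doAs(), so the TGT and any service ticket can be told apart. The JAAS entry name LdapClient, /path/to/jaas.conf and ldap.example.com are placeholders, and it assumes a reachable KDC, a valid krb5.conf, and an interactive terminal for the password prompt.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
// Added example. Assumed placeholders: /path/to/jaas.conf, ldap.example.com, and a JAAS entry
//   LdapClient { com.sun.security.auth.module.Krb5LoginModule required; };
public class KerberosLdapLogin {
    // List the Kerberos tickets currently held in the Subject's private credentials.
    static void printTickets(String phase, Subject subject) {
        System.out.println("--- " + phase + " ---");
        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
            String server = t.getServer().getName();
            // A TGT's server principal is krbtgt/REALM@REALM; anything else is a service ticket.
            String kind = server.startsWith("krbtgt/") ? "TGT" : "service ticket";
            System.out.println(kind + " for " + server + ", expires " + t.getEndTime());
        }
    }
    public static void main(String[] args) throws Exception {
        System.setProperty("java.security.auth.login.config", "/path/to/jaas.conf"); // step 1
        // Step 2: login() runs Krb5LoginModule, the kinit equivalent. args[0] is the principal.
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(args[0]);
                else if (cb instanceof PasswordCallback)
                    ((PasswordCallback) cb).setPassword(System.console().readPassword("Password: "));
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("LdapClient", handler);
        lc.login();
        Subject subject = lc.getSubject();
        printTickets("after login()", subject); // only the krbtgt/... ticket is expected here
        // Step 3: the GSSAPI bind inside doAs() is where the LDAP service ticket is requested.
        Subject.doAs(subject, (PrivilegedExceptionAction<Void>) () -> {
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389");
            env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
            new InitialLdapContext(env, null).close(); // bind, then release the connection
            return null;
        });
        printTickets("after doAs()", subject); // a ticket for ldap/... here came from the bind
        lc.logout(); // drop the credentials from the Subject when done
    }
}
```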
