[
https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16112057#comment-16112057
]
Kai Zheng commented on DIRKRB-638:
----------------------------------
The server key, or the service key, is a shared key between the server and the KDC.
Besides the keytab means, which exports and stores the key in a file, I don't
know any other way to do the sharing. Note the service key is used to
decrypt the ticket passed from the client and it shouldn't be the session key.
Typically the session key is used to do the channel message encryption, not the
authentication stuff.
One way to hack the server side to use the username/password might be
calling the util function to generate the exact same key as initially stored
in the KDC back end, but I'm not sure it's a good practice.
> KerbyGssAppTest fails when there is no keytab on the service side
> -----------------------------------------------------------------
>
> Key: DIRKRB-638
> URL: https://issues.apache.org/jira/browse/DIRKRB-638
> Project: Directory Kerberos
> Issue Type: Bug
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
> Attachments: DIRKRB-638.patch
>
>
> When we log in via a username/password on the service side, as opposed to a
> keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written
> to handle keytabs.
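The password-derived key idea from the comment above, as an added example that is not part of the original message or Kerby's own code: it uses the JDK's `javax.security.auth.kerberos.KerberosKey` rather than a Kerby utility, and the principal names, realm and password are constructed placeholders. The derived key only matches the one in the KDC back end if the KDC used the same encryption type and the default salt (realm plus principal name components), and it is only as strong as the password.

```java
import java.util.Arrays;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;

public class PasswordDerivedServiceKey {

    // Run the Kerberos string-to-key function over the password, salted with
    // the default salt (realm + principal name components), as happens when a
    // principal is created from a password.
    static byte[] deriveKey(String principal, char[] password, String algorithm) {
        KerberosPrincipal p = new KerberosPrincipal(principal);
        return new KerberosKey(p, password, algorithm).getEncoded();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue.
        String service = "service/host.example.com@EXAMPLE.COM";
        String otherService = "service/other.example.com@EXAMPLE.COM";
        char[] password = "constructed-sample-password".toCharArray();

        byte[] first = deriveKey(service, password, "AES256");
        byte[] second = deriveKey(service, password, "AES256");
        byte[] otherSalt = deriveKey(otherService, password, "AES256");
        byte[] otherEtype = deriveKey(service, password, "AES128");

        // Same principal, password and encryption type reproduce the same
        // key, which is why no keytab file is needed to obtain it.
        System.out.println("same inputs, same key: "
                + Arrays.equals(first, second));

        // The principal name feeds the salt, so the same password under a
        // different principal gives an unrelated key.
        System.out.println("different principal, same key: "
                + Arrays.equals(first, otherSalt));

        // The encryption type must match what the KDC stored, otherwise the
        // service cannot decrypt tickets issued for it.
        System.out.println("AES256 key bytes: " + first.length
                + ", AES128 key bytes: " + otherEtype.length);

        // Clear the password from memory once the key is derived.
        Arrays.fill(password, '\0');
    }
}
```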