I have been playing with the Sun GSS/Kerberos sample code in
http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/ClientServer.html
and noticed that the client in this scenario needs only a Kerberos
ticket (for example, obtained from an initial Windows logon), whereas
the server needs a key (secret information)|. |This creates a key
management problem for our servers, which I would like to avoid.
Why is it that the server needs a key, when in principle, a ticket
should be enough to prove one's identity?
Oliver Schoett
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
