I read an article on JAAS/GSS SSO at http://www-106.ibm.com/developerworks/java/library/j-gss-sso/ and found it to be informative (there is an almost identical tutorial on the official JAAS website). I'm working on a Kerberos project that does nearly the exact same thing (1 KDC machine, 1 server machine, 1 client machine), but I had a question regarding a general understanding of how Kerberos works:
So, the server has a key which it shares with the KDC. The server uses this key to decrypt incoming sub-session tickets from a client that wants to connect to it. In the tutorial, I manually type in the server's login/password to log in to the KDC and retrieve the encrypted form of its key.

My first question is whether or not this key expires (like a ticket does). If it does expire, my second question is that in my system, my server is going to be locked away in a room somewhere, and I do not want to have some guy going in there and entering the login/password for the server every time it needs to get a fresh key. I could just hardcode the login/password into the code or save the session key on disk, but that seems insecure. What do most Kerberos network administrators do about this problem?

If it doesn't expire, does this mean that after the initial exchange between the server and the KDC at program startup there is no network activity at all between the KDC and the server?

Any insight on these questions would be greatly appreciated.

Thanks,
David

________________________________________________
Kerberos mailing list
[EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos

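As an added illustration (not part of the original post, and not code from the IBM tutorial), here is how a JAAS login configuration for the server side can be written two ways with Krb5LoginModule: the interactive style the tutorial uses, and a keytab-based entry that reads the server's long-term key from a file so that nobody has to type a password at startup. The principal name and keytab path are assumed placeholders.

```jaas
// Tutorial-style entry: the server principal logs in interactively,
// so someone must type the server's password whenever the process starts.
ServerInteractive {
    com.sun.security.auth.module.Krb5LoginModule required
        storeKey=true;
};

// Keytab-based entry: the server's long-term key is read from a keytab
// file, so no password prompt is needed at startup. The keytab file
// should be readable only by the account that runs the service.
// The principal "host/server.example.com@EXAMPLE.COM" and the path
// "/etc/krb5.keytab" are assumed placeholders, not values from the post.
ServerKeytab {
    com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab=true
        keyTab="/etc/krb5.keytab"
        principal="host/server.example.com@EXAMPLE.COM"
        storeKey=true          // keep the key in the Subject for GSS accept
        doNotPrompt=true       // fail rather than ask for a password
        isInitiator=false;     // server side only accepts contexts
};
```

The server selects an entry by name, e.g. `new LoginContext("ServerKeytab", callbackHandler)`, and the resulting Subject is then used with `Subject.doAs` for the GSS accept-context calls, exactly as in the interactive case.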