Hi,
The TGS_REP has {Service Ticket} Kservice.
The client receives Service Ticket from TGS encrypted with Application Service
private key.
The Application Service has to be configured (user setup) with the private key
(exported ktadd command) and service should use it to decrypt the Service
Ticket.
Here is sample ktadd command from
http://techpubs.spinlocksolutions.com/dklar/kerberos.html.
ktadd -k /etc/krb5.keytab -norandkey host/monarch.spinlock.hrRegards,
Miten.
________________________________
From: Abdelrahman Almahmoud <[email protected]>
To: "[email protected]" <[email protected]>
Sent: Monday, October 15, 2012 11:01 AM
Subject: How to Kerberize a java service
Hi All,
We are currently in the process of kerberising Java services but there is a
step that is not clear. When the client receives a service ticket and sends it
to the service, how does the service verify and decrypt the ticket?From my
understanding of the protocol, the service ticket is encrypted using the hash
of the service password. Can I produce this hash on the service and use it to
decrypt the ticket or is there another standard way of doing this?We use MIT
kerberos V5 and the client uses JAAS to login to Kerberos, then writes the
ticket to a file which will be sent to the service
Thanks
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
