The armor TGT is exactly used to provide a key to encrypt the token to protect
it from being stolen. You can obtain an armor TGT via anonymous pkinit
mechanism, right? You may wonder why it would use the armor ticket for the
encryption key, please think about otherwise how to equip clients and t
On Mon, Jul 4, 2016 at 4:01 PM, Zheng, Kai wrote:
> Regarding how to place the login module, I thought of putting it in
> kerb-client module in a separate package like 'jaas', would be good to do
> it because it sounds some useful now. We may have more such modules when
> more authentication mech
Regarding how to place the login module, I thought of putting it in kerb-client
module in a separate package like 'jaas', would be good to do it because it
sounds some useful now. We may have more such modules when more authentication
mechanisms out to be supported in future. We often draft some
Thanks Jiajia, it's working well now. With regards to the LoginModule, I
made some changes to fix some NPEs. I also changed the logic slightly, so
that if the signing key is not specified, it just reads in the token from
the cache and writes it out "as is". If the token was issued by say an
OpenId
