Re: How to use gssapi in java applet? - Kerberos

This is a discussion on Re: How to use gssapi in java applet? - Kerberos ; On Thu, 2006-09-28 at 12:21 +0800, lizhong wrote: > Hi all, > I'm trying to build a applet client to connect to the gss-server.c program(in kerberos/src/app/gss-sample). I read this page: > http://java.sun.com/j2se/1.5.0/docs/...entServer.html > And I have already built a java ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Re: How to use gssapi in java applet?

  1. Re: How to use gssapi in java applet?

    On Thu, 2006-09-28 at 12:21 +0800, lizhong wrote:
    > Hi all,
    > I'm trying to build a applet client to connect to the gss-server.c program(in kerberos/src/app/gss-sample). I read this page:
    > http://java.sun.com/j2se/1.5.0/docs/...entServer.html
    > And I have already built a java application client to connect to the C server. Like this:
    > D:\test\client>java -Djava.security.krb5.realm=stg.com -Djava.security.krb5.kdc=192.168.100.100 -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=bcsLogin.conf SampleClient vnc/gdnode014 192.168.100.14 4444
    > Connected to server /192.168.100.14
    > Kerberos username [Administrator]: test/admin
    > test/admin 的 Kerberos key: xxxxxx
    > Will send token of size 453 from initSecContext.
    > Will read input token of size 114 for processing by initSecContext
    > Context Established!
    > Client is test/admin@stg.com
    > Server is vnc/gdnode014
    > Mutual authentication took place!
    > Will send wrap token of size 61
    > Will read token of size 37
    > Verified received MIC for message.
    > Exiting...
    >
    > D:\test\client>
    >
    > But how can I change this client to a applet? I have two questions:
    > 1.How can I use the parameters of cmd "java"(such as " -Djava.security.krb5.realm=stg.com ") to start the applet?


    With command line argument starting with "-D" you define java system
    properties. Same you can do with API System.setProperty()

    > 2.How can I input the username and password? In the java application, this work is done by token = context.initSecContext(token, 0, token.length), and the output/input are in the stdio form.


    You should continue to read the tutorial, namely the "JAAS
    Authentication" part of it. It is not context.initSecContext() who asks
    you for password, but default callback handler of the JAAS
    "Krb5LoginModule" authentication module. You can develop your own
    callback handler in swing if you wish.

    regards, vadim tarassov
    >
    > Thank you for any help!
    >
    > --
    > LiZhong
    >
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. How to use gssapi in java applet?

    I want to use the vnc applet client ,and need to modify the source code for kerberos authentication and data encryption. So I want the applet to be as easy to use as possible, and I hope no local file would be used in this process(for applet cannot visite local files without changing the security policy). I think that the example in this page( http://java.sun.com/j2se/1.5.0/docs/...entServer.html ) quite fits my needs, except that it's not a applet. This gssapi example uses no ticket cache files, and the user just needs to enter their kerberos username and password. But the Krb5LoginModule it uses only supports standard input and output, like this:
    D:\test\client>java -Djava.security.krb5.realm=stg.com -Djava.security.krb5.kdc=192.168.100.100 -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=bcsLogin.conf SampleClient vnc/gdnode014 192.168.100.14 4444
    Connected to server /192.168.100.14
    Kerberos username [Administrator]: test/admin
    test/admin 的 Kerberos key: xxxxxx
    Will send token of size 453 from initSecContext.
    Will read input token of size 114 for processing by initSecContext
    Context Established!
    Client is test/admin@stg.com
    Server is vnc/gdnode014
    Mutual authentication took place!
    Will send wrap token of size 61
    Will read token of size 37
    Verified received MIC for message.
    Exiting...

    In a word, I want an applet implement which demonstrating the use of the Java GSS-API for secure exchanges of messages, without using local files. The user doesn't need to know any detail of kerberos or gssapi, and what they need to do is just to open an IE, go to my site, enter their username and password.
    Is there such implements already beening developed? Or I have to read the source code of Krb5LoginModule, and develop my own LoginModule for java applet?
    Thank you for any help!

    --
    LiZhong

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  3. Re: How to use gssapi in java applet?

    Here are your options:

    1) Install the Kerberos configuration file instead of using system
    properties
    "java.security.krb5.kdc" and "java.security.krb5.realm".
    2) Set system properties via java.lang.System class
    e.g System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    3) Configure the Krb5LoginModule programmatically.

    Refer to following for details:

    http://java.sun.com/j2se/1.5.0/docs/...onfigFile.html
    http://java.sun.com/j2se/1.5.0/docs/...iguration.html
    http://java.sun.com/j2se/1.5.0/docs/...tionEntry.html

    Seema

    lizhong wrote On 09/29/06 02:44,:

    >I want to use the vnc applet client ,and need to modify the source code for kerberos authentication and data encryption. So I want the applet to be as easy to use as possible, and I hope no local file would be used in this process(for applet cannot visite local files without changing the security policy). I think that the example in this page( http://java.sun.com/j2se/1.5.0/docs/...entServer.html ) quite fits my needs, except that it's not a applet. This gssapi example uses no ticket cache files, and the user just needs to enter their kerberos username and password. But the Krb5LoginModule it uses only supports standard input and output, like this:
    >D:\test\client>java -Djava.security.krb5.realm=stg.com -Djava.security.krb5.kdc=192.168.100.100 -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=bcsLogin.conf SampleClient vnc/gdnode014 192.168.100.14 4444
    >Connected to server /192.168.100.14
    >Kerberos username [Administrator]: test/admin
    > test/admin � Kerberos key: xxxxxx
    >Will send token of size 453 from initSecContext.
    >Will read input token of size 114 for processing by initSecContext
    >Context Established!
    >Client is test/admin@stg.com
    >Server is vnc/gdnode014
    >Mutual authentication took place!
    >Will send wrap token of size 61
    >Will read token of size 37
    >Verified received MIC for message.
    >Exiting...
    >
    >In a word, I want an applet implement which demonstrating the use of the Java GSS-API for secure exchanges of messages, without using local files. The user doesn't need to know any detail of kerberos or gssapi, and what they need to do is just to open an IE, go to my site, enter their username and password.
    >Is there such implements already beening developed? Or I have to read the source code of Krb5LoginModule, and develop my own LoginModule for java applet?
    >Thank you for any help!
    >
    >--
    >LiZhong
    >
    >________________________________________________
    >Kerberos mailing list Kerberos@mit.edu
    >https://mailman.mit.edu/mailman/listinfo/kerberos
    >
    >



    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread