[3537] in java-interest

Re: How java apps get krb tickets?

daemon@ATHENA.MIT.EDU (gwz@geek.ocsg.com)
Wed Nov 15 21:00:58 1995

From: gwz@geek.ocsg.com
To: mrm@puffin.Eng.Sun.COM (Marianne Mueller)
Cc: java-kerberos@lists.stanford.edu, www-kerberos@lists.stanford.edu,
        java-interest@java.Eng.Sun.COM
In-Reply-To: Your message of "Wed, 15 Nov 1995 12:10:54 PST."
             <9511152010.AA27526@puffin.Eng.Sun.COM> 
Date: Wed, 15 Nov 1995 13:30:27 -0800

Marianne ~

> 
> In JDK 1.0, an applet cannot read or write files on a remote client,
> so I don't think it can get a Kerberos ticket in that way.  (By
> client, I mean a Java-enabled browser running on a desktop computer.)
> 

That's unfortunate, since it eliminates the transparency of using Kerberos.

> What you could do is implement some style of server-side persistent
> data, which applets can access.  I guess for Kerberos, this isn't any
> good, since the whole point is that you don't want to expose the
> Kerberos private-ticket traffic to IP.
> 

True.

> Maybe the problem of bootstrapping Kerberos security is similar to the
> key management conundrum. 

I don't understand this comment.  If I have a Kerberos TGT, I already have a 
key -- it's been distributed, it's being managed (sort of :-), the problem is 
that Java can't use it. 

> Short term, people might could get around
> some of the key management problems by keeping a set of public keys on
> their local hard disks, and not attempting to get those over IP.  
> Physical devices like smart cards might also gain popularity as a way
> to store and share public keys.
> 

If an applet can't access local files, I'm not sure how this helps anything, 
in the Java case.  Or am I missing your point?

> Marianne
> Java Products Group

~ gwz


Glen Zorn       	Senior Scientist	Voice: 206-883-8721
gwz@cybersafe.com	CyberSAFE Corporation	FAX:   206-883-6951

Since I was forced to write it by the alien parasite which attached itself to 
my brain stem during my recent visit to an isolated area of Northern Arizona, 
it could hardly be construed that this message would reflect either the
opinions or the policies of my employer.



-
This message was sent to the java-interest mailing list
Info: send 'help' to java-interest-request@java.sun.com
