[3539] in java-interest
Re> Re: How java apps get krb tickets?
daemon@ATHENA.MIT.EDU (Sid Conklin)
Wed Nov 15 21:10:10 1995
Date: 15 Nov 1995 14:57:48 -0700
From: "Sid Conklin" <sid.conklin@nora.stanford.edu>
To: "Marianne Mueller" <mrm@puffin.Eng.Sun.COM>,
"normanb@citi.umich.edu" <normanb@citi.umich.edu>
Cc: "acain@snapple.ncsa.uiuc.edu" <acain@snapple.ncsa.uiuc.edu>,
"java-interest@java.Eng.Sun.COM" <java-interest@java.Eng.Sun.COM>,
"java-kerberos@lists.Stanford.EDU" <java-kerberos@lists.Stanford.EDU>,
"lsbart35@emmo.indy.cr.irs.gov" <lsbart35@emmo.indy.cr.irs.gov>,
"www-kerberos@lists.Stanford.EDU" <www-kerberos@lists.Stanford.EDU>
Marianne,
We plan on applets accessing the Kerberos functionality via dynamic libraries by
native method callouts. We have this working under Solaris using Java instead
of HotJava. Do we lose this mechanism when we write an applet to take
advantage of this inside a Netscape browser and/or HotJava browser?
Someone already mentioned that applets won't have the ability to make native
calls to dynamic libraries, is this true? And if so why?
Thanks,
Sid Conklin
Stanford University
------ From: Marianne Mueller, Wed, Nov 15, 1995 ------
In JDK 1.0, an applet cannot read or write files on a remote client,
so I don't think it can get a Kerberos ticket in that way. (By
client, I mean a Java-enabled browser running on a desktop computer.)
What you could do is implement some style of server-side persistent
data, which applets can access. I guess for Kerberos, this isn't any
good, since the whole point is that you don't want to expose the
Kerberos private-ticket traffic to IP.
Maybe the problem of bootstrapping Kerberos security is similar to the
key management conundrum. Short term, people might be able to get around
some of the key management problems by keeping a set of public keys on
their local hard disks, and not attempting to get those over IP.
Physical devices like smart cards might also gain popularity as a way
to store and share public keys.
Marianne
Java Products Group