I want to use the vnc applet client ,and need to modify the source code for kerberos authentication and data encryption. So I want the applet to be as easy to use as possible, and I hope no local file would be used in this process(for applet cannot visite local files without changing the security policy). I think that the example in this page( http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html ) quite fits my needs, except that it's not a applet. This gssapi example uses no ticket cache files, and the user just needs to enter their kerberos username and password. But the Krb5LoginModule it uses only supports standard input and output, like this: D:\test\client>java -Djava.security.krb5.realm=stg.com -Djava.security.krb5.kdc=192.168.100.100 -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=bcsLogin.conf SampleClient vnc/gdnode014 192.168.100.14 4444 Connected to server /192.168.100.14 Kerberos username [Administrator]: test/admin test/admin 的 Kerberos key: xxxxxx Will send token of size 453 from initSecContext. Will read input token of size 114 for processing by initSecContext Context Established! Client is test/[EMAIL PROTECTED] Server is vnc/gdnode014 Mutual authentication took place! Will send wrap token of size 61 Will read token of size 37 Verified received MIC for message. Exiting...
In a word, I want an applet implement which demonstrating the use of the Java GSS-API for secure exchanges of messages, without using local files. The user doesn't need to know any detail of kerberos or gssapi, and what they need to do is just to open an IE, go to my site, enter their username and password. Is there such implements already beening developed? Or I have to read the source code of Krb5LoginModule, and develop my own LoginModule for java applet? Thank you for any help! -- LiZhong ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos