[14734] in Kerberos
Re: gssapi vs jaas
daemon@ATHENA.MIT.EDU (Ram Marti)
Wed Jul 25 13:19:29 2001
Date: Wed, 25 Jul 2001 10:17:30 -0700 (PDT)
From: Ram Marti <Ram.Marti@Sun.COM>
To: Nicolas Williams <Nicolas.Williams@ubsw.com>
cc: don disco <kerberoz@rediffmail.com>, "kerberos@mit.edu" <kerberos@mit.edu>
In-Reply-To: <20010725122539.B3567@sm2p1386swk.wdr.com>
Message-ID: <Pine.SOL.3.96.1010725101149.18538B-100000@mission3>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hi,
To add to what Nicolas has mentioned, JAAS and Java GSS-API will be
available as a part of next release of JDK (JDK1.4) and have been
integrated to work together. Kerberos mechanism implementation will also
be available and will work with JAAS and Java GSS-API. For information on
JDK1.4 please refer to
http://java.sun.com/j2se/1.4/
You can get more information on JAAS and Java GSS-API from:
http://java.sun.com/j2se/1.4/docs/guide/security/jgss/tutorials/index.html
= Ram Marti
On Wed, 25 Jul 2001, Nicolas Williams wrote:
> On Wed, Jul 25, 2001 at 07:09:15AM -0000, don disco wrote:
> > >From my understanding Gssapi is an api that can used to access kerberos services.As there is a java Gssapi i can
> > avail kerborised services thru a client written using the java Gssapi.
> > Please let me know if my understanding is on the right track.
>
> Sort of. GSS-API lets you access services that use GSS for
> authentication and privacy/integrity protection. One GSS mechanism
> available to you is the Kerberos V GSS mechanism, which means that you
> can use Kerberos V for authentication and credentials forwarding with
> GSS-API.
>
> > If yes,Where does JAAS figure in(i.e. do JAAS and GSSAPI interact) ?
>
> JAAS, IIRC, is a Java derivative of PAM, with more fine grained
> authorization checking than PAM provides. Knowing as little as I do
> about JAAS, but knowing of its link to PAM, I would say that JAAS'
> authentication service is an initial authentication -only system, much
> like PAM's, but you probably can use the authorization side of JAAS
> independently of its authentication side to leverage JAAS in a GSS-API
> application.
>
> > Thanks in advance
> > don
> >
>
> Cheers,
>
> Nico
> --
> .
> -DISCLAIMER: an automatically appended disclaimer may follow. By posting-
> -to a public e-mail mailing list I hereby grant permission to distribute-
> -and copy this message.-
>
> Visit our website at http://www.ubswarburg.com
>
> This message contains confidential information and is intended only
> for the individual named. If you are not the named addressee you
> should not disseminate, distribute or copy this e-mail. Please
> notify the sender immediately by e-mail if you have received this
> e-mail by mistake and delete this e-mail from your system.
>
> E-mail transmission cannot be guaranteed to be secure or error-free
> as information could be intercepted, corrupted, lost, destroyed,
> arrive late or incomplete, or contain viruses. The sender therefore
> does not accept liability for any errors or omissions in the contents
> of this message which arise as a result of e-mail transmission. If
> verification is required please request a hard-copy version. This
> message is provided for informational purposes and should not be
> construed as a solicitation or offer to buy or sell any securities or
> related financial instruments.
>
>
