Interface Summary | |
AuthorizationDataElement | An interface to a Kerberos authorization data component. |
EncryptionKey | An interface to a Kerberos encryption key, which includes a key type, and a key value. |
PaData | An interface to pre-authentication data passed to an Authentication or Ticket Granting service in a ticket request or returned from the service in a response. |
Ticket | An interface to a Kerberos v5 Ticket, special cases of which are Ticket Granting Tickets (TGTs) and service Tickets. |
TicketFlags | An interface to a Kerberos Ticket's ticket flags, indicating which ticket options were used or requested when the ticket was issued. |
Class Summary | |
APOptions | A class to represent options which can be set with an application request to affect the way it is processed by the recipient. |
Checksum | A class representing a Kerberos checksum. |
FileCredentialStore | An implementation of CredentialStore for MIT v5 credential caches. |
FileKeyTab | A KeyTab implementing the MIT v5 keytab. |
KDCOptions | A class to represent options for flags to be set in a ticket to be requested from an Authentication Service or a Ticket Granting Service. |
Kerberos | This is the main class and point of entry to the kerberos package, providing Kerberos-level services to both Kerberos clients and servers. |
KerberosContext | A class for storing contextual information required by a Kerberos instance. |
KerberosKey | An implementation of EncryptionKey for use in initial authentication. |
LastReqElement | A class to represent a component of a LastReq sent by an Authentication Service or a Ticket Granting Service in response to a ticket request. |
PaEncTimestamp | A concrete PaData implementation class for encrypted timestamp pre-authentication. |
PrincipalName | A class representing a Kerberos principal's name. |
Exception Summary | |
CryptoException | An exception for general crypto exceptions in Kerberos. |
DecryptionException | An exception indicating decryption failures. |
KerberosError | An Exception for an abnormal condition indicated by the receipt of a KrbError message from the KDC or a Kerberized application. |
KerberosException | An exception representing an exceptional condition in using the Kerberos service. |
NotYetDecryptedException | An exception thrown when access is made to a field belonging to the encrypted part of a message before a successful decryption is performed. |
This package defines the main Kerberos 5 interfaces and classes. Kerberos 5 is defined in IETF RFC 1510 "The Kerberos Network Authentication Service (V5)".
The main classes in this package are Kerberos, which supplies ticket requesting methods and a point of entry into the GSS-API implementation; KerberosContext, which is a store of contextual information needed by Kerberos; and FileCredentialStore and com.dstc.security.kerberos.FileKeyTable, which are implementations of MIT Kerberos-compatible file-based credential caches and keytabs.
A prime example of a Kerberos application requiring the ticket requesting methods in the Kerberos class is the standard Kerberos kinit utility. A sample implementation of kinit is distributed as a JCSI example. In many cases, especially where single sign-on (SSO) is in operation, a native kinit (or kinit-like utility) is used to obtain the tickets (particularly the TGT), which are stored in a credential cache. As long as the TGTs from the native credential cache are available as instances of Credential, the current package can be used for secure application-level messaging.
Support is built in for systems which use an MIT Kerberos-compatible file credential cache, via the FileCredentialStore class. For systems using other credential caches, the CredentialStore interface can be implemented and used instead.
The current release supports application-level messaging only through the GSS-API. It implements RFC 1964 "The Kerberos Version 5 GSS-API Mechanism" at the mechanism level, and RFC 2853 "Generic Security Services API Version 2: Java Bindings". Only DES encryption is supported in this release.
As a source of Credential, only CredentialStore is currently supported for GSS-API context initiators, whereas on the context acceptor side only KeyTab is currently supported. Support for MIT Kerberos-style file-based keytabs is built in, via the FileKeyTab class.