When the service ticket generated by the client is sent to the server, GSSContext acceptSecContext method is to decode the such ticket that was encoded by the KDC.
when this method is called with the service ticket as its parameter, is the ticket actually being sent to the KDC itself to be decoded?
Otherwise wouldn't this be a security issue? because if the server can decode any valid ticket that it knows nothing about other than the some client sent to it or what or whom the ticket is for?
little confused
Any clarification is greatly appreciated.
I have read that the Application Server and KDC does communicate but I do not think that's always true.
for example, take look at the sample server code
The application server logs in to get context
LoginContext loginCtx = null;
loginCtx = new LoginContext("SPN", new LoginCallbackHandler( id, password ));
loginCtx.login();
Subject subject = loginCtx.getSubject();
then using that sujbect, it will perform previlege doAs
Subject.doAs( subject, new PrivilegedAction<String>() {
public void run() {
try {
GSSManager manager = GSSManager.getInstance();
GSSContext context = manager.createContext( (GSSCredential) null);
context.acceptSecContext( serviceTicket, 0, serviceTicket.length);
// now do something with decoded ticket
}
...
}
No, the application server and the
KDCdo not communicate.That's why you have to copy the
keytabgenerated on theKDConto the application server before using the system.The server tries to decrypt the ticket and if he's able to do so then he assumes the ticket was generated by the
KDC, because he's the only person who knows the password, then it's a valid ticket.Pre-sharing keys / passwords before the system is effectively on and then never sending it over the network is a common mechanism in many authentication protocols, e.g radius