Smart Cards in Java Kerberos

Ostap Andrusiv pifostap at gmail.com
Tue Jun 25 05:52:18 PDT 2013


Hi everyone,

I've been playing with smart cards and faced some issues.
Long story short:

*Prerequisites*:

   - I set up a basic Kerberos realm via Windows Active Directory.
   - I managed to successfully log in to a service via a *login/password* pair
   using Java Kerberos (Krb5LoginModule), which is provided via JAAS.

Now I am trying to implement Kerberos login via smart card. Smart card
preauthentication in Kerberos is done via AS-REQ/AS-REP messages
(PA-PK-AS-REQ/P extensions). Unfortunately, JAAS Kerberos hasn't used the
smart card. As far as I have seen, there were no PA-PK-AS-REQ/P extensions
in the openjdk sources. Maybe I missed something.

*Question*:

1. Does Java Kerberos support smart card preauthentication out of the box?

2. If it doesn't, can I somehow extend the existing Kerberos module or should
I implement the whole of Kerberos from the ground up?


Thanks in advance,
Ostap Andrusiv

web: http://andrusiv.com
skype: ostap.andrusiv
::p!F