Smart Cards in Java Kerberos
pifostap at gmail.com
Tue Jun 25 05:52:18 PDT 2013
I've been playing with smart cards and faced some issues.
Long story short:
- I set up a basic Kerberos realm via Windows Active Directory.
- I managed to successfully login into service via *login/password* pair
using Java Kerberos(Krb5LoginModule), which is provided via JAAS.
Now I try to implement Kerberos login via smart card. Smart card
preauthentication in Kerberos is done via AS-REQ/AS-REP messages (
PA-PK-AS-REQ/P extensions). Unfortunately, JAAS Kerberos hasn't used the
smartcard. As far as I have seen, there were no PA-PK-AS-REQ/P extensions
in openjdk sources. Maybe, I missed something.
1. Does Java Kerberos support smart card preauthentication out of the box?
2. If it doesn't, can I somehow extends existing Kerberos module or should
I implement whole Kerberos from the ground up?
Thanks in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security-dev