Java/C# Kerberos inter-op possible?
https://stackoverflow.com/questions/1589164
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have implemented a Kerberos server/client using sockets in Java, where the client sends his service-TGT to the server, and the server knows the client is authentic.
My main concern is the snooping 'man-in-the-middle' attack. Someone could capture the TGT, and pretend to be the client.
In a pure Java implementation, this is no problem, as further communication is encrypted with the service session keys (GSSContext.wrap()/GSSContext.unwrap()), which the snooper does not have.
But the client app needs to be re-written in C#.
I figure my two options for keeping communication encrypted are:
- Write my own wrap() and unwrap() methods in C#
- Use SSL/TLS.
Is option 1 possible, before I look into SSL as an option?
Solution
Option 1 involves some heavy code porting which you may or not may have time to do. Option 2 sounds good.
There is option 3 which depends on your constraints, use a private encrypted TCP channel, which should be faster than SSL/TLS, but as I said may not be applicable. It could use symmetric encryption, having initialized by the session keys (which are secret)
