- Enhancement
- Resolution: Fixed
- P3
- 1.0
- beta
- generic
- generic
- Verified
Consider the case of an application that uses Kerberos.
After the JAAS login on the client side, the Subject contains a java.security.auth.kerberos.KerberosPrincipal and a java.security.auth.kerberos.KerberosTicket. The GSS mechanism uses these to establish a security context with the server.
On the server side, the application obtains a GSSName and a delegated GSSCredential from the established security context. It should then be able to pull out the mechanism-specific elements (GSSCredentialSpi and GSSNameSpi), populate a JAAS Subject with them, and use this Subject to perform actions on behalf of the client.
This RFE suggests providing a mechanism by which a Subject can be populated with the GSS credential and GSS name that a server has received in a GSS security context.
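
The server-side flow described above, as an added example that is not part of the original report: it uses the JDK's `com.sun.security.jgss.GSSUtil.createSubject` to populate the Subject, and refuses to act for the client unless the context is established and a credential was actually delegated. The class name `DelegatedSubject` and method name `runAsClient` are hypothetical.

```java
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import com.sun.security.jgss.GSSUtil;

// Hypothetical helper class, written for this example.
public final class DelegatedSubject {
    private DelegatedSubject() {}

    /**
     * Runs the action on behalf of the client whose delegated credential
     * arrived in the accepted (server-side) GSS security context.
     */
    public static <T> T runAsClient(GSSContext ctx, PrivilegedExceptionAction<T> action)
            throws GSSException, PrivilegedActionException {
        // Name and credential are only meaningful once the handshake is complete.
        if (!ctx.isEstablished()) {
            throw new IllegalStateException("security context not yet established");
        }
        // After establishment this reports whether the initiator delegated credentials.
        if (!ctx.getCredDelegState()) {
            throw new SecurityException("client did not delegate credentials");
        }
        GSSName client = ctx.getSrcName();
        GSSCredential delegated = ctx.getDelegCred();
        if (delegated == null) {
            throw new SecurityException("no delegated credential in context");
        }
        try {
            // Copies the mechanism-specific name and credential elements into a
            // JAAS Subject (for Kerberos: the principal and the forwarded ticket).
            Subject subject = GSSUtil.createSubject(client, delegated);
            subject.setReadOnly(); // the action cannot add or swap principals
            // Subject.doAs is deprecated on recent JDKs; Subject.callAs (Java 18+)
            // is the replacement there.
            return Subject.doAs(subject, action);
        } finally {
            // Release the delegated credential as soon as the action has finished.
            delegated.dispose();
        }
    }
}
```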