-
Bug
-
Resolution: Won't Fix
-
P3
-
None
-
1.0ea
-
None
-
generic
-
solaris_8
Ideally, all Kerberos related packages should use javax.security.auth.kerberos.KerberosTicket/KerberosKey for credentials.
JAAS login modules are reuired to store credentials from the above package into the Subject they are populating. JGSS Krb5 mechanism subclasses the classes in the above package to obtain initiate and accept credentials for Kerberos.
However, sun.security.krb5 and its subpackages deal with sun.security.krb5.Credentials and sun.security.krb5.EncryptionKey. Thus anytime the JGSS Krb5 mechanism needs to obtain a credential or use a credential, there are translations between the variants in javax.security.auth.kerberos and sun.security.krb5.
Some profiling should be done to see what percentage of time is spent converting credentials from one format to another. If that is significant, code should be rewritten to minimize the translations. It might even be required to do the inevitable and convert the sun.security.krb5 packages to use the javax.security.auth.kerberos classes.
JAAS login modules are reuired to store credentials from the above package into the Subject they are populating. JGSS Krb5 mechanism subclasses the classes in the above package to obtain initiate and accept credentials for Kerberos.
However, sun.security.krb5 and its subpackages deal with sun.security.krb5.Credentials and sun.security.krb5.EncryptionKey. Thus anytime the JGSS Krb5 mechanism needs to obtain a credential or use a credential, there are translations between the variants in javax.security.auth.kerberos and sun.security.krb5.
Some profiling should be done to see what percentage of time is spent converting credentials from one format to another. If that is significant, code should be rewritten to minimize the translations. It might even be required to do the inevitable and convert the sun.security.krb5 packages to use the javax.security.auth.kerberos classes.