SSL

This page (revision-8) was last changed on 02-Dec-2016 00:49 by Dieter Käppel

This page was created on 12-Jun-2013 12:22 by Dieter Käppel

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note
8 02-Dec-2016 00:49 2 KB Dieter Käppel to previous
7 02-Dec-2016 00:49 2 KB Dieter Käppel to previous | to last
6 02-Dec-2016 00:37 2 KB Dieter Käppel to previous | to last
5 14-Jun-2013 12:20 662 bytes Dieter Käppel to previous | to last
4 13-Jun-2013 13:03 566 bytes Dieter Käppel to previous | to last
3 12-Jun-2013 14:15 552 bytes Dieter Käppel to previous | to last
2 12-Jun-2013 14:08 485 bytes Dieter Käppel to previous | to last
1 12-Jun-2013 12:22 283 bytes Dieter Käppel to last

Page References

Incoming links Outgoing links
SSL ...nobody
SSL

Version management

Difference between version and

At line 3 changed 44 lines
!!!Microsoft
Smartcards might use Kerberos V5 authentication with X.509 v3 certificates. (Kann auch NTLM genutzt werden?)
!!Links
* [http://technet.microsoft.com/en-us/library/cc780170(v=ws.10).aspx]
* [http://technet.microsoft.com/en-us/library/bb457114.aspx]
!!NTLM
* [http://davenport.sourceforge.net/ntlm.html]
!!SPNEGO
* [http://msdn.microsoft.com/en-us/library/ms995330.aspx]
!!!Kerberos v5
Dieses Verfahren unterstützt Public-Private-Challenges, Smart-Card-Authentification und digitale Signatur.
In Java steht dafür das GSS-System zur Verfügung, der Einstiegspunkt ist GSSManager.getInstance(). Die kryptographischen Verfahren werden durch OIDs ausgewählt:
{{{
Oid krb5 = new Oid("1.2.840.113554.1.2.2");
Oid spnego = new Oid("1.3.6.1.5.5.2");
}}}
Server-Credentials erzeugen:
{{{
GSSCredential credentials = manager.createCredential(null, GSSCredential.DEFAULT_LIFETIME, spnegoMechOid, GSSCredential.ACCEPT_ONLY);
}}}
!!Links
* [http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html]
* [http://thejavamonkey.blogspot.de/2008/04/clientserver-hello-world-in-kerberos.html]
* [https://forums.oracle.com/message/6387090]
* [http://pic.dhe.ibm.com/infocenter/wasinfo/v8r0/index.jsp?topic=%2Fcom.ibm.websphere.zseries.doc%2Finfo%2Fzseries%2Fae%2Frsec_SPNEGO_config_krb5.html]
* [http://s2.diffuse.it/blog/show/6602-SPNEGO_authentication_and_credential_delegation_with_Java]
Mit Kerberos v5 können komplexe Protokolle realisiert werden, allerdings nur mit entsprechender Konfiguration. Es besteht die Möglichkeit, die Parameter durch System-Properties in Java zu setzen oder in einer krb5.conf festzulegen:
* [http://stackoverflow.com/questions/1431999/java-and-kerberos-authentication-krb5-conf-versus-system-setproperty]
!!!Certificates erzeugen
!!Client Authentication Certificate
[http://www.impetus.us/~rjmooney/projects/misc/clientcertauth.html]
!!!Links
* [http://www.impetus.us/~rjmooney/projects/misc/clientcertauth.html]