SSL

This page (revision-8) was last changed on 02-Dec-2016 00:49 by Dieter Käppel

This page was created on 12-Jun-2013 12:22 by Dieter Käppel

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note
8 02-Dec-2016 00:49 2 KB Dieter Käppel to previous
7 02-Dec-2016 00:49 2 KB Dieter Käppel to previous | to last
6 02-Dec-2016 00:37 2 KB Dieter Käppel to previous | to last
5 14-Jun-2013 12:20 662 bytes Dieter Käppel to previous | to last
4 13-Jun-2013 13:03 566 bytes Dieter Käppel to previous | to last
3 12-Jun-2013 14:15 552 bytes Dieter Käppel to previous | to last
2 12-Jun-2013 14:08 485 bytes Dieter Käppel to previous | to last
1 12-Jun-2013 12:22 283 bytes Dieter Käppel to last

Page References

Incoming links Outgoing links
SSL ...nobody
SSL

Version management

Difference between version and

At line 4 changed one line
Smartcards might use Kerberos V5 authentication with X.509 v3 certificates. (Kann auch NTLM genutzt werden?)
Smartcards uses Kerberos V5 authentication with X.509 v3 certificates.
At line 10 removed 34 lines
!!NTLM
* [http://davenport.sourceforge.net/ntlm.html]
!!SPNEGO
* [http://msdn.microsoft.com/en-us/library/ms995330.aspx]
!!!Kerberos v5
Dieses Verfahren unterstützt Public-Private-Challenges, Smart-Card-Authentification und digitale Signatur.
In Java steht dafür das GSS-System zur Verfügung, der Einstiegspunkt ist GSSManager.getInstance(). Die kryptographischen Verfahren werden durch OIDs ausgewählt:
{{{
Oid krb5 = new Oid("1.2.840.113554.1.2.2");
Oid spnego = new Oid("1.3.6.1.5.5.2");
}}}
Server-Credentials erzeugen:
{{{
GSSCredential credentials = manager.createCredential(null, GSSCredential.DEFAULT_LIFETIME, spnegoMechOid, GSSCredential.ACCEPT_ONLY);
}}}
!!Links
* [http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html]
* [http://thejavamonkey.blogspot.de/2008/04/clientserver-hello-world-in-kerberos.html]
* [https://forums.oracle.com/message/6387090]
* [http://pic.dhe.ibm.com/infocenter/wasinfo/v8r0/index.jsp?topic=%2Fcom.ibm.websphere.zseries.doc%2Finfo%2Fzseries%2Fae%2Frsec_SPNEGO_config_krb5.html]
* [http://s2.diffuse.it/blog/show/6602-SPNEGO_authentication_and_credential_delegation_with_Java]
Mit Kerberos v5 können komplexe Protokolle realisiert werden, allerdings nur mit entsprechender Konfiguration. Es besteht die Möglichkeit, die Parameter durch System-Properties in Java zu setzen oder in einer krb5.conf festzulegen:
* [http://stackoverflow.com/questions/1431999/java-and-kerberos-authentication-krb5-conf-versus-system-setproperty]