harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Edworthy" <pe...@edworthy.org>
Subject Re: Kerberos service provider
Date Wed, 07 Dec 2005 12:32:34 GMT

> Kerberos is used in java in the JAAS framework and GSS-API
> (org.ietf.jgss package).
> What about moving all Kerberos functionality to provider layer?
> I suggest the following: all public API are just wrappers that calls
> corresponding Kerberos service provider interface (SPI) methods. For
> example, a login module can use methods for AS exchanges and
> KerberosTicket class can use SPI methods to refresh a ticket.
> Did I miss something? Does anybody happy with the current design without
> Kerberos service?

I believe this is a ClassLib implementation question, I don't see that any
changes would be required in the JVM to use this.

The JDK only defines the data carriers, KerberosPrinciple, KerberosKey and
KerberosTicket. The actual logic is provided in a LoginModule which is
accessed from LoginContext which acts as a factory to authentication
providers. It is configured by file through the Configuration object.

Also the JAAS authentication implementations do not come as part of the
JRE, but are provided by additional libraries. It's all very much like JCE
or even JDBC.

So basically I think it is already pluggable, and if it weren't it
wouldn't require a JVM change only a ClassLibs change.

Sorry if it sounds harsh, I'm trying not to be

View raw message