interop - Java/C# Kerberos inter-op possible?
I implemented a Kerberos server/client using sockets in Java, where the client sends their service-TGT to the server and the server knows that the client is authentic.
My main concern is that a 'man-in-the-middle' attack can capture the TGT and pretend to be the client.
In a pure Java implementation, this is not a problem, because the subsequent communication is encrypted with session keys (GSSContext.wrap() / GSSContext.unwrap()), which the eavesdropper does not have.
But the client application should be rewritten in C#.
I understand I have two options to keep the communication encrypted:
- Write your own wrap() and unwrap() methods in C#
- Use SSL/TLS.
Is Option 1 possible, or should I see SSL as an option?
Option 1 involves some heavy code porting, which you may or may not have time for.
Option 2 sounds good.
Option 3: depending on your odds, use a private encrypted TCP channel, which should be faster than SSL/TLS, but as I said it may not be applicable. This session can use symmetric encryption initialized by a key (which is hidden).
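
As an added example (not code from the question or the answer): a Java-side channel that only accepts traffic if GSSContext.wrap() / GSSContext.unwrap() actually applied encryption, since wrap() silently falls back to integrity-only protection when confidentiality was not negotiated. The class name `GssFramedChannel`, the 4-byte length prefix and the 1 MiB cap are assumptions made for illustration; a C# client would have to produce the same framing.

```java
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;

/** Hypothetical helper: length-prefixed messages protected by an established GSSContext. */
public final class GssFramedChannel {
    private static final int MAX_TOKEN = 1 << 20; // assumed cap on one wrapped token (1 MiB)
    private final GSSContext ctx;
    private final DataInputStream in;
    private final DataOutputStream out;

    public GssFramedChannel(GSSContext ctx, DataInputStream in, DataOutputStream out)
            throws IOException {
        // wrap() only encrypts if confidentiality was negotiated during context setup
        // (the initiator calls requestConf(true) before initSecContext()).
        if (!ctx.isEstablished() || !ctx.getConfState()) {
            throw new IOException("GSS context is not established with confidentiality");
        }
        this.ctx = ctx;
        this.in = in;
        this.out = out;
    }

    public void send(byte[] plaintext) throws IOException, GSSException {
        MessageProp prop = new MessageProp(0, true); // default QOP, request privacy
        byte[] token = ctx.wrap(plaintext, 0, plaintext.length, prop);
        if (!prop.getPrivacy()) throw new IOException("message was not encrypted");
        out.writeInt(token.length);
        out.write(token);
        out.flush();
    }

    public byte[] receive() throws IOException, GSSException {
        int len = in.readInt();
        if (len <= 0 || len > MAX_TOKEN) throw new IOException("bad token length: " + len);
        byte[] token = new byte[len];
        in.readFully(token);
        MessageProp prop = new MessageProp(0, false);
        // unwrap() throws GSSException if the token's integrity check fails.
        byte[] plaintext = ctx.unwrap(token, 0, token.length, prop);
        // Reject integrity-only tokens; the replay flags are set only when
        // replay detection was negotiated for this context.
        if (!prop.getPrivacy() || prop.isDuplicateToken() || prop.isOldToken()) {
            throw new IOException("rejected token: unencrypted or replayed");
        }
        return plaintext;
    }
}
```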