
Heimdal & Java, basic concepts



Hello all,

I'm trying to authenticate and give permissions to users by using Kerberos V (with Heimdal) and a JAAS module.

I am a little bit confused with some concepts, maybe someone could help me to clarify them.

JAAS uses the term Subject to refer to any entity that is the source of a request to access resources. A Subject may be a user or a service. Thus a Subject is comprised of a set of principals. A Subject may also have security-related attributes, which are referred to as credentials. The credentials can be public or private. Sensitive credentials such as private cryptographic keys are stored in the private credentials set of the Subject.

With Sun's implementation of a login module for the Kerberos version 5 protocol, upon successful authentication the Ticket Granting Ticket (TGT) is stored in the Subject's private credentials set and the Kerberos principal is stored in the Subject's principal set.

How can I define with Heimdal that a concrete principal has access to several services?

What should I do to define with Heimdal a subject comprised of a set of principals?

Thank you very much in advance.

Best regards.

Javi Garzon
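
The Subject layout described in the message (Kerberos principal in the principal set, TGT in the private credentials set), shown as an added Java example that is not part of the original post. It builds the Subject by hand so it runs without a KDC; the realm `EXAMPLE.COM`, the user `alice`, and the dummy ticket and key bytes are constructed placeholders.

```java
import java.util.Date;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

public class SubjectInspect {
    // Summarise the Kerberos identities and tickets a JAAS Subject carries.
    static String describe(Subject s) {
        StringBuilder out = new StringBuilder();
        // Principal set: the identities this Subject authenticated as.
        for (KerberosPrincipal p : s.getPrincipals(KerberosPrincipal.class)) {
            out.append("principal: ").append(p.getName()).append('\n');
        }
        // Private credential set: secrets such as the TGT and its session key.
        for (KerberosTicket t : s.getPrivateCredentials(KerberosTicket.class)) {
            String server = t.getServer().getName();
            out.append(server.startsWith("krbtgt/") ? "TGT" : "service ticket")
               .append(" for ").append(server)
               .append(", client ").append(t.getClient().getName())
               .append(", current=").append(t.isCurrent()).append('\n');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for a real login result.
        KerberosPrincipal user = new KerberosPrincipal("alice@EXAMPLE.COM");
        KerberosPrincipal tgs = new KerberosPrincipal("krbtgt/EXAMPLE.COM@EXAMPLE.COM");
        Date now = new Date();
        Date end = new Date(now.getTime() + 10L * 60 * 60 * 1000); // 10 hours
        KerberosTicket tgt = new KerberosTicket(
            new byte[] {0},   // dummy ASN.1 encoding (placeholder, not a real ticket)
            user, tgs,
            new byte[16],     // dummy session key (placeholder)
            17,               // key type 17 = aes128-cts-hmac-sha1-96
            null,             // no ticket flags set
            now, now, end, null, null);

        Subject subject = new Subject();
        subject.getPrincipals().add(user);
        subject.getPrivateCredentials().add(tgt);
        System.out.print(describe(subject));
    }
}
```

After a real JAAS login, the same `describe` method can be called on the value returned by `LoginContext.getSubject()`.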