public class UserAuthGSSAPIWithMIC extends UserAuth
gssapi-with-micas described in RFC 4462, section 3, which works by using the GSS-API on both client and server.
For now, we only support the mechanism 1.2.840.113518.104.22.168, i.e. Kerberos 5 authentication (but more could be added by simply changing some private constants in the class, and adding the corresponding GSSContext implementation).
For the actual method-specific calculations we use an implementation
GSSContext which wraps a GSS-API implementation.
We will get an implementation class name from the configuration,
then instantiate it with the no-argument constructor. To create a context,
create method will be called. After this,
we initialize the context with
maybe more than one such call) to authenticate the user. Then we use
getMIC to sign some data (containing the
SSH session identifier), increasing resistance against man-in-the-middle
attacks (where the session identifier will be different on both sides).
|Constructor and Description|
|Modifier and Type||Method and Description|
Does the actual authentication, i.e. sends the necessary packets to the other side and receives some from there.
This is an inofficial Javadoc created by Paŭlo Ebermann. Have a look at the official homepage.