public class UserAuthGSSAPIWithMIC extends UserAuth
Implements the gssapi-with-mic user authentication method as described in RFC 4462, section 3, which works by using the GSS-API on both client and server.

For now, we only support the mechanism 1.2.840.113554.1.2.2, i.e. Kerberos 5 authentication (more could be added by changing some private constants in the class and adding the corresponding GSSContext implementation).

For the actual method-specific calculations we use an implementation of GSSContext, which wraps a GSS-API implementation. We get the implementation class name from the configuration, then instantiate it with the no-argument constructor. To create a context, the create method is called. After this, we initialize the context with init (possibly using more than one such call) to authenticate the user. Then we call getMIC once to sign some data (containing the SSH session identifier), increasing resistance against man-in-the-middle attacks (where the session identifier will be different on both sides).
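The data that the final getMIC call signs, shown as an added example (not code from JSch or from this Javadoc): it builds the field sequence defined in RFC 4462, section 3.5, and shows that two connections with different session identifiers yield different signed data. The class name, the user name "alice", the constructed session identifiers and the use of the JDK's org.ietf.jgss.GSSContext in place of JSch's own GSSContext wrapper are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;

// Hypothetical demo class, not part of JSch.
public class GssMicInputExample {
    static final int SSH_MSG_USERAUTH_REQUEST = 50;

    // SSH "string" encoding: 4-byte big-endian length, then the raw bytes.
    static void putString(ByteArrayOutputStream out, byte[] s) {
        int n = s.length;
        out.write(n >>> 24); out.write(n >>> 16); out.write(n >>> 8); out.write(n);
        out.write(s, 0, n);
    }

    // Data covered by the MIC (RFC 4462, section 3.5). The session identifier
    // comes first, so the MIC is bound to this one key exchange.
    static byte[] micInput(byte[] sessionId, String user, String service) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        putString(out, sessionId);
        out.write(SSH_MSG_USERAUTH_REQUEST);
        putString(out, user.getBytes(StandardCharsets.UTF_8));
        putString(out, service.getBytes(StandardCharsets.US_ASCII));
        putString(out, "gssapi-with-mic".getBytes(StandardCharsets.US_ASCII));
        return out.toByteArray();
    }

    // Needs a context that init has fully established (live Kerberos setup),
    // so main() below does not call it.
    static byte[] sign(GSSContext established, byte[] data) throws GSSException {
        return established.getMIC(data, 0, data.length, new MessageProp(0, false));
    }

    public static void main(String[] args) {
        // Constructed session identifiers: a relay in the middle runs two key
        // exchanges, so each side of it ends up with a different value.
        byte[] clientSide = new byte[20];
        byte[] relaySide = new byte[20];
        Arrays.fill(clientSide, (byte) 0x11);
        Arrays.fill(relaySide, (byte) 0x22);
        byte[] a = micInput(clientSide, "alice", "ssh-connection");
        byte[] b = micInput(relaySide, "alice", "ssh-connection");
        System.out.println("MIC input length: " + a.length);
        System.out.println("Same signed data on both connections: " + Arrays.equals(a, b));
    }
}
```

A server that recomputes this input from its own session identifier rejects a MIC that was produced for a different key exchange.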
Fields inherited from class UserAuth: buf, packet, SSH_MSG_USERAUTH_BANNER, SSH_MSG_USERAUTH_FAILURE, SSH_MSG_USERAUTH_INFO_REQUEST, SSH_MSG_USERAUTH_INFO_RESPONSE, SSH_MSG_USERAUTH_PK_OK, SSH_MSG_USERAUTH_REQUEST, SSH_MSG_USERAUTH_SUCCESS, userinfo, username
Constructor and Description |
---|
UserAuthGSSAPIWithMIC() |

Modifier and Type | Method and Description |
---|---|
boolean | start(Session session): Does the actual authentication, i.e. sends the necessary packets to the other side and receives some from there. |
This is an unofficial Javadoc created by Paŭlo Ebermann. Have a look at the official homepage.