This class encapsulates a Kerberos ticket and associated information as viewed from the client's point of view. It captures all information that the Key Distribution Center (KDC) sends to the client in the reply message KDC-REP defined in the Kerberos Protocol Specification (RFC 4120).
All Kerberos JAAS login modules that authenticate a user to a KDC should use this class. Where available, the login module might even read this information from a ticket cache in the operating system instead of directly communicating with the KDC. During the commit phase of the JAAS authentication process, the JAAS login module should instantiate this class and store the instance in the private credential set of a Subject.
It might be necessary for the application to be granted a PrivateCredentialPermission if it needs to access a KerberosTicket instance from a Subject. This permission is not needed when the application depends on the default JGSS Kerberos mechanism to access the KerberosTicket. In that case, however, the application will need an appropriate ServicePermission.
Note that this class is applicable to both ticket granting tickets and other regular service tickets. A ticket granting ticket is just a special case of a more generalized service ticket.
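The following added example (not part of the original class documentation) shows the flow described above: a ticket is stored in a Subject's private credential set, as a login module's commit phase would do, and the application then reads it back and selects a usable ticket granting ticket. The class name TicketInspector, its helper methods, and the principals and ticket bytes are constructed for illustration.

```java
import java.util.Date;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

public class TicketInspector {
    // A TGT is a service ticket whose server principal is the ticket
    // granting service, krbtgt/<REALM>@<REALM> (cross-realm TGTs also
    // start with "krbtgt/").
    static boolean isTgt(KerberosTicket t) {
        return t.getServer().getName().startsWith("krbtgt/");
    }

    // Returns the first TGT that is not destroyed and not expired, or null.
    // isDestroyed() is checked first because a destroyed ticket no longer
    // holds its principals or times.
    static KerberosTicket findUsableTgt(Subject subject) {
        // With a security manager installed, this read is the access that
        // requires PrivateCredentialPermission.
        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
            if (!t.isDestroyed() && t.isCurrent() && isTgt(t)) {
                return t;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: placeholder encoding and an all-zero
        // 16-byte session key of type 17 (aes128-cts-hmac-sha1-96).
        KerberosPrincipal client = new KerberosPrincipal("alice@EXAMPLE.COM");
        KerberosPrincipal tgs = new KerberosPrincipal("krbtgt/EXAMPLE.COM@EXAMPLE.COM");
        Date now = new Date();
        Date end = new Date(now.getTime() + 10L * 60 * 60 * 1000); // 10 hours
        KerberosTicket tgt = new KerberosTicket(new byte[] {0x61}, client, tgs,
                new byte[16], 17, null, now, now, end, null, null);

        // What a login module does in commit(): publish principal and ticket.
        Subject subject = new Subject();
        subject.getPrincipals().add(client);
        subject.getPrivateCredentials().add(tgt);

        KerberosTicket found = findUsableTgt(subject);
        System.out.println("usable TGT for " + found.getClient() + " until " + found.getEndTime());

        // On logout, destroy the ticket so the session key is cleared from memory.
        tgt.destroy();
        System.out.println("usable after destroy: " + (findUsableTgt(subject) != null));
    }
}
```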