Java-Kerberos Demo Applet

See the Notes section for browser and firewall compatibility issues.

Get a TGT and service ticket by pressing "Login". Then send a message to the application server by pressing "Send". The application server will first be authenticated, then the message will be encrypted and sent. The server will reply with your message enclosed in arrow brackets. Pressing "Send" again will reuse the same connection, unless you press "Close" in between.

The password is "foo".

The source (for the applet).

Notes:

  1. The demo site has now been tested successfully with Microsoft Internet Explorer 3.0 and 4.0. Normally, the Java runtimes bundled with these browsers do not allow an unauthenticated applet to determine the IP address of the local host. However, some KDCs require the client to identify its own host address. Unfortunately, our current demo KDC has this requirement. We have now added a signed CAB file for use by these Microsoft browsers. In order to validate the signature of the signed CAB file you must update your browser to Microsoft Authenticode 2.0. Note: Microsoft has a web site which tests your browser to see if the Authenticode 2.0 update is needed. However, in some cases it may say your browser is up-to-date, when in fact it is not. If you are unable to run the Java-Kerberos Demo applet, and the page says you are up-to-date, try reinstalling the Authenticode 2.0 Update anyway, then try the demo again after following the update instructions. See Microsoft Authenticode 2.0 Update for the update instructions.

  2. It has been reported that Netscape Navigator 3.01 and Netscape Communicator, when runnning on Linux 2.0.29, also have problems determining the client's own IP address from within an applet.

  3. If your firewall does not allow outbound connections to port 88 you may not be able to contact the Kerberos KDC. Also, this may be an issue for the application server which is running on port 8891. There are various ways around these issues when using the java-kerberos libraries.

  4. If you are using the HotJava browser you may have to adjust your security settings to allow the applet to connect back to the web server host.

For more information contact Tom Sanfilippo.

Last updated September 14, 1999