An application written in Java needs to store passwords to external services per user. Within the application the user itself authenticates against a KDC using Kerberos (basically creating a LoginContext utilizing JAAS).

I would like to store the encrypted secrets to other services in some kind of file (XML?) at the application's location. Secrets could be login/password combinations to non-Kerberos-enabled databases (MySQL...). Is there a better approach than the one I suggest - maybe a better location to store the information?

Is it possible to use some of the already existing information from LoginContext to encrypt data in such a way that only the same Subject (person or service) can decrypt the information?

UPDATE:

I would like to rephrase the question a little. Basically what I need is some kind of secret that can only be received by an authenticated user. Is there something like this?

Otherwise I would probably use some kind of salted hash of a subject's name as a secret. I know this can be guessed, but it provides additional security to solutions as proposed, e.g., in http://stackoverflow.com/q/258299/439692.