Java/C# Kerberos inter-op possible?

I have implemented a Kerberos server/client using sockets in Java, where the client sends his service-TGT to the server, and the server knows the client is authentic.

My main concern is the snooping 'man-in-the-middle' attack. Someone could capture the TGT, and pretend to be the client.

In a pure Java implementation, this is no problem, as further communication is encrypted with the service session keys (GSSContext.wrap()/GSSContext.unwrap()), which the snooper does n开发者_Python百科ot have.

But the client app needs to be re-written in C#.

I figure my two options for keeping communication encrypted are:

1. Write my own wrap() and unwrap() methods in C#
2. Use SSL/TLS.

Is option 1 possible, before I look into SSL as an option?

Option 1 involves some heavy code porting which you may or not may have time to do. Option 2 sounds good.

There is option 3 which depends on your constraints, use a private encrypted TCP channel, which should be faster than SSL/TLS, but as I said may not be applicable. It could use symmetric encryption, having initialized by the session keys (which are secret)