An application written in Java needs to store passwords to external services per user. Within the application, the user itself authenticates against a KDC using Kerberos (basically creating a LoginContext utilizing JAAS).
I would like to store the encrypted secrets to other services in some kind of file (XML?) at the application's location. Secrets could be login/password combinations for non-Kerberos-enabled databases (MySQL...). Is there a better approach than the one I suggest - maybe a better location to store the information?
Is it possible to use some of the already existing information from LoginContext to encrypt data in such a way that only the same Subject (person or service) can decrypt the information?
UPDATE:
I would like to rephrase the question a little. Basically, what I need is some kind of secret that can only be received by an authenticated user. Is there something like this?
Otherwise I would probably use some kind of salted hash of a subject's name as a secret. I know this can be guessed, but it provides additional security to solutions as proposed e.g. in "What is the best way to keep passwords configurable, without having them too easily available to the casual human reader?".