Single sign on problem with kerberos in Windows XP

Jeffrey Altman jaltman2 at nyc.rr.com
Fri Dec 31 09:49:26 EST 2004


Java and MIT Kerberos for Windows are unrelated.
If you are logging into Windows XP which is part of a domain
you need to use the JAAS interface to obtain tickets from the
Microsoft LSA credential cache.  Java requires a DES form of
the TGT.  DES TGTs obtained via JAAS will not be stored in the
LSA credential cache and will therefore not be visible from
outside Java.

Jeffrey Altman


Miika Parvio wrote:

> Hello!
> 
> I'm building an application which tries to authenticate against an AD server
> (Windows 2003 server). I'm using JAAS and JNDI and the
> com.sun.security.auth.module.Krb5LoginModule class to handle
> authentication. I have managed to authenticate using SSO. The only problem
> is that the client machine (Windows XP Pro, Service Pack 1) loses the TGT. For
> example, if I lock and unlock the workstation and then run my test
> program, everything works well. But after a couple of minutes (about 15-20
> minutes), when I run my test program again, it cannot find any TGT
> tickets in the cache. I have checked that the expiration time of the TGT is 10
> hours, so that cannot be the problem. Is there some kind of bug in Windows
> XP or what? Does anyone know what I should do? I have tried to solve
> this problem for many days without any progress. I'm using JDK 1.5 and I
> have installed MIT Kerberos for Windows 2.6.5 on my client. Do I need to
> install it on the server as well?
> 
> 
> Friendly
> 
> Miika Parvio
> 

-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu

