Java sample for SSO using JAAS on XP SP2, did anybody get itto work?
Seema Malkani
Seema.Malkani at Sun.COM
Mon Apr 4 17:36:24 EDT 2005
Although currently Java Kerberos does not support RC4-HMAC etype, this
is not a problem with the encryption type.
JAAS Kerberos authentication does succeed when the user provides the
login/password; this means user has enabled "DES" for this account. If
the AD account settings have "use DES encryption" enabled, DES etype
will be used; and the native TGT in the ticket cache would have a DES key.
We are looking into providing support for RC4-HMAC encryption type in
Java Kerberos, in a future J2SE release.
Seema
Markus Moeller wrote:
>Could it be a problem with the encryption types ? Windows default is
>rc4-hmac which isn't supported by Suns JAAS.
>
>Markus
>
>"vadim" <vadim.tarassov at swissonline.ch> wrote in message
>news:1112532703.5072.0.camel at localhost.localdomain...
>
>
>>Hallo,
>>
>>read this:
>>
>>http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
>>
>>Regards, vadim tarassov
>>
>>On Fri, 2005-04-01 at 17:05 -0600, Bajpai, Atul wrote:
>>
>>
>>>Hi all,
>>>I am using a JAAS sample to try SSO on windows. My problem is When I use
>>>the Krb5LoginModule I am always prompted for a username and password. I
>>>want my app to get the kerberos ticket for the currently logged in user
>>>(which is me) without being prompted for username/password. To
>>>understand the problem I set debug=true and following is the output I
>>>get before I get prompted for username/pwd
>>>===================================
>>>Debug is true storeKey false useTicketCache true useKeyTab false
>>>doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config
>>>is true principal is null tryFirstPass is false useFirstPass is false
>>>storePass is false clearPass is false
>>>Refreshing Kerberos configuration
>>>Principal is null
>>>null credentials from Ticket Cache
>>>===========================
>>>My question is
>>>1) Does this mean that ticket cache cannot be found hence a ticket could
>>>not be found or just that the ticket cache is empty?
>>>2) How do I find out where my ticket cache is and what it has?
>>>3) When prompted for username/pwd, if I supply either mine or a test
>>>account username/pwd, my login succeeds and I get back a subject from
>>>the logincontext where I can see a kerberos ticket as part of the
>>>private credentials. What could be the reason for my sample app not
>>>being able to get a kerberos ticket for the currently logged in user
>>>without prompting for username/pwd?
>>>
>>>Seems like some of you have dealt with JAAS on windows before so I'll
>>>really appreciate any pointers I can get on this.
>>>
>>>thanks
>>>
>>>
>>>________________________________________________
>>>Kerberos mailing list Kerberos at mit.edu
>>>https://mailman.mit.edu/mailman/listinfo/kerberos
>>>
>>>
>>--
>>vadim <vadim.tarassov at swissonline.ch>
>>
>>________________________________________________
>>Kerberos mailing list Kerberos at mit.edu
>>https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>>
>>
>
>
>
>________________________________________________
>Kerberos mailing list Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
More information about the Kerberos
mailing list