Connection to multiple AD servers from Java
Ian Harding
iharding160 at hotmail.com
Wed Aug 31 12:27:39 EDT 2005
I'm not sure if this is an appropriate question for this group. I
posted it in comp.lang.java.security and had no response, and I'm not
sure where else to try.
The Java application I am working on connects to one or more Windows
2003 domain controllers using LDAP to retrieve information from the
directory.
I only require a single connection to be active at any one time, but
want a single instance of the application to work through the configured
connections in turn with no user intervention.
The application is required to use Kerberos authentication, so in order
to deal with different domain controllers and KDC hosts I am doing
something like this:

    for each domain controller
    {
        System.setProperty("java.security.krb5.realm", "<realm>");
        System.setProperty("java.security.krb5.kdc", "<kdc>");
        Login("<user name>", "<password>");
    }

Where the Login method creates a custom callback handler to deal with
user name and password, creates a LoginContext from it, and logs in.
The problem I have is that whichever set of connection details is
presented, the first loop iteration successfully logs in. Second and
subsequent iterations fail with a LoginException containing
detailMessage = "null (68)" and stackTrace = null (thanks, that's so
useful!).
There don't seem to be any samples on the web demonstrating what I'm
trying to do. Everyone seems to assume that a single client instance
will only ever want to connect to one domain controller for the lifetime of
the application. I assume I'm doing something wrong, but can't work out
the correct way of doing it. Can anyone help?
Thank you
Ian