Connection to multiple AD servers from Java

Ian Harding iharding160 at hotmail.com
Wed Aug 31 12:27:39 EDT 2005


I'm not sure if this is an appropriate question for this group.  I 
posted it in comp.lang.java.security and had no response, and I'm not 
sure where else to try.

The Java application I am working on connects to one or more Windows 
2003 domain controllers using LDAP to retrieve information from the 
directory.

I only require a single connection to be active at any one time, but 
want a single instance of the application to work through the configured 
connections in turn with no user intervention.

The application is required to use Kerberos authentication, so in order 
to deal with different domain controllers and KDC hosts I am doing 
something like this:

for each domain controller
{
   System.setProperty("java.security.krb5.realm", "<realm>" );
   System.setProperty("java.security.krb5.kdc", "<kdc>" );

   Login( "<user name>", "<password>" );
}

Where the Login method creates a custom callback handler to deal with 
user name and password, creates a LoginContext from it, and logs in.

The problem I have is that whichever set of connection details is 
presented, the first loop iteration successfully logs in.  Second and 
subsequent iterations fail with a LoginException containing 
detailMessage = "null (68)" and stackTrace = null (thanks, that's so 
useful!).

There don't seem to be any samples on the web demonstrating what I'm 
trying to do.  Everyone seems to assume that a single client instance 
will only ever want to connect to one domain controller for the lifetime of 
the application.  I assume I'm doing something wrong, but can't work out 
the correct way of doing it.  Can anyone help?

Thank you
Ian
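The pattern described in the post, written out as a complete JAAS client, follows. This is an added example and is not Ian's code: the realm names, KDC and LDAP host names, account name and password are placeholders, and the class and method names are my own. The JAAS configuration is supplied in code rather than in a login.conf file and enables refreshKrb5Config, a documented Krb5LoginModule option that makes the module re-read the Kerberos configuration (and so the java.security.krb5.realm and java.security.krb5.kdc system properties) before each login. Each realm gets its own Subject, the LDAP bind runs inside Subject.doAs so JNDI's GSSAPI mechanism can use that realm's TGT, and the context is logged out and the password scrubbed before the loop moves to the next controller. It needs Java 8 or later for the lambda and a reachable KDC and domain controller to do anything useful.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Collections;
import java.util.Hashtable;
import java.util.List;

import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class MultiRealmLdapClient {

    /** Connection details for one domain controller (all values are placeholders). */
    static final class DomainController {
        final String realm;    // Kerberos realm, e.g. "CORP.EXAMPLE" (hypothetical)
        final String kdc;      // KDC host, e.g. "dc1.corp.example" (hypothetical)
        final String ldapUrl;  // e.g. "ldap://dc1.corp.example:389" (hypothetical)
        final String userName;
        final char[] password;

        DomainController(String realm, String kdc, String ldapUrl, String userName, char[] password) {
            this.realm = realm; this.kdc = kdc; this.ldapUrl = ldapUrl;
            this.userName = userName; this.password = password;
        }
    }

    /** Answers Krb5LoginModule's name/password prompts without a console. */
    static final class StaticCallbackHandler implements CallbackHandler {
        private final String name;
        private final char[] password;

        StaticCallbackHandler(String name, char[] password) { this.name = name; this.password = password; }

        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(name);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb, "only name/password prompts are handled");
                }
            }
        }
    }

    /** In-code equivalent of a login.conf entry; refreshKrb5Config re-reads realm/KDC settings per login. */
    static final class KerberosConfiguration extends Configuration {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                        LoginModuleControlFlag.REQUIRED,
                        Collections.singletonMap("refreshKrb5Config", "true"))
            };
        }
    }

    /** Logs in to one realm, reads the rootDSE over LDAP as that identity, then logs out. */
    static void queryDomainController(DomainController dc) throws Exception {
        System.setProperty("java.security.krb5.realm", dc.realm);
        System.setProperty("java.security.krb5.kdc", dc.kdc);

        LoginContext lc = new LoginContext("MultiRealmLdapClient", new Subject(),
                new StaticCallbackHandler(dc.userName, dc.password), new KerberosConfiguration());
        lc.login();
        try {
            // Bind inside the logged-in Subject so the GSSAPI SASL mechanism finds this realm's TGT.
            Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<Void>) () -> {
                Hashtable<String, String> env = new Hashtable<>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, dc.ldapUrl);
                env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
                DirContext ctx = new InitialDirContext(env);
                try {
                    System.out.println(dc.realm + ": " + ctx.getAttributes("").get("defaultNamingContext"));
                } finally {
                    ctx.close();
                }
                return null;
            });
        } finally {
            lc.logout();  // release this realm's credentials before moving to the next controller
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample list; replace with the application's configured connections.
        List<DomainController> controllers = Arrays.asList(
            new DomainController("CORP.EXAMPLE", "dc1.corp.example", "ldap://dc1.corp.example:389",
                    "svc-reader", "placeholder".toCharArray()),
            new DomainController("LAB.EXAMPLE", "dc1.lab.example", "ldap://dc1.lab.example:389",
                    "svc-reader", "placeholder".toCharArray()));

        for (DomainController dc : controllers) {
            try {
                queryDomainController(dc);
            } catch (LoginException e) {
                System.err.println("Login to " + dc.realm + " failed: " + e.getMessage());
            } finally {
                Arrays.fill(dc.password, '\0');  // keep the password in memory no longer than needed
            }
        }
    }
}
```

Passing the Configuration object directly to the LoginContext constructor keeps each iteration's JAAS settings explicit and avoids depending on a global login.conf; the realm and KDC system properties are still set per iteration exactly as in the post, but the refreshKrb5Config option causes them to be picked up again on every login rather than only on the first.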

