Java GSS/Kerberos issue - Autheticating server

Seema Malkani Seema.Malkani at Sun.COM
Fri Dec 2 14:54:26 EST 2005


Laurence Brockman wrote:

>
>[root at localhost laurence]# more /tmp/jaas.conf
>/** Login Configuration
> **/
>JaasServer {
>        com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true
>storeKey=true keyTab="/etc/krb5.keytab";
>};
>
>*Code from GSSAuthorizor:*
>
>   GSSManager manager = GSSManager.getInstance();
>   Oid kerberos = new Oid("1.2.840.113554.1.2.2");
>   this.serverName = "another at admin";
>   GSSName serverGSSName = manager.createName(this.serverName,
>GSSName.NT_USER_NAME);
>   GSSCredential serverGSSCreds = manager.createCredential(serverGSSName,
>GSSCredential.INDEFINITE_LIFETIME,
>     kerberos, GSSCredential.ACCEPT_ONLY);
>   log.debug("Created credentials for the service");
>
>
>  
>
You can create GSSName as follows:

GSSManager manager = GSSManager.getInstance();

Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");

// Identify the name of the server. This uses a Kerberos specific
// name format.
GSSName serverName = manager.createName("nfs/foo.sun.com", 
                                         krb5PrincipalNameType);


If you still have problems, send me a Kerberos debug output using 
"-Dsun.security.krb5.debug=true".

Seema




More information about the Kerberos mailing list