Java GSS/Kerberos issue - Autheticating server

Laurence Brockman daceilo at gmail.com
Mon Dec 5 13:23:52 EST 2005


Thanks guys for all your help. I've now handed the project off to another
group to look at... I could get the client to autheticate using either the
JAAS methodology or use straight GSS with the keytab file, but I could not
get the server portion to work either way.

Thanks again so much!


On 12/2/05, Seema Malkani <Seema.Malkani at sun.com> wrote:
>
> Laurence Brockman wrote:
>
> >
> >[root at localhost laurence]# more /tmp/jaas.conf
> >/** Login Configuration
> > **/
> >JaasServer {
> >        com.sun.security.auth.module.Krb5LoginModule required
> useKeyTab=true
> >storeKey=true keyTab="/etc/krb5.keytab";
> >};
> >
> >*Code from GSSAuthorizor:*
> >
> >   GSSManager manager = GSSManager.getInstance();
> >   Oid kerberos = new Oid("1.2.840.113554.1.2.2");
> >   this.serverName = "another at admin";
> >   GSSName serverGSSName = manager.createName(this.serverName,
> >GSSName.NT_USER_NAME);
> >   GSSCredential serverGSSCreds = manager.createCredential(serverGSSName,
> >GSSCredential.INDEFINITE_LIFETIME,
> >     kerberos, GSSCredential.ACCEPT_ONLY);
> >   log.debug("Created credentials for the service");
> >
> >
> >
> >
> You can create GSSName as follows:
>
> GSSManager manager = GSSManager.getInstance();
>
> Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
>
> // Identify the name of the server. This uses a Kerberos specific
> // name format.
> GSSName serverName = manager.createName("nfs/foo.sun.com",
>                                         krb5PrincipalNameType);
>
>
> If you still have problems, send me a Kerberos debug output using
> "-Dsun.security.krb5.debug=true".
>
> Seema
>
>
>


More information about the Kerberos mailing list