Java sample for SSO using JAAS on XP SP2

Seema Malkani Seema.Malkani at Sun.COM
Thu Mar 17 16:54:56 EST 2005 

You can refer to Java GSS tutorials for sample code:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/index.html

Please check if you have set the register key "allowtgtsessionkey" 
correctly.
Here is the location of the registry setting on Windows XP SP2:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01
  

Seema

Bajpai, Atul wrote:

>Hi all, 
>I am trying to find a SSO solution for Java apps. My requirements are to
>retrieve and use the currently logged in users credentials to
>authenticate against Windows AD. After browsing through the mailing list
>archives I was able to find some JAAS sample code to do this but I am
>unable get the sample to behave that way. The sample app always prompts
>for a username/password and never succeeds when I type in my own
>username/pwd, I get a null[52] error. However when I use some of the
>test id's that have been created they get authenticated. I also found
>that XP SP2(which is what I have on my desktop) needs
>"allowTGTSessionKey" in registry but that hasn't helped either. My .conf
>file looks like this "com.sun.security.auth.module.Krb5LoginModule
>required debug=true storeKey=true useTicketCache=true;". Appreciate all
>the help I can get on this. Thanks.
>
>Atul 
>
>
>------------------------------------------------------------------------
>-------------------------
>-------------------------
>
>CONFIDENTIALITY AND SECURITY NOTICE
>
>This e-mail contains information that may be confidential and 
>proprietary. It is to be read and used solely by the intended
>recipient(s). 
>Citadel and its affiliates retain all proprietary rights they may have
>in the 
>information. If you are not an intended recipient, please notify us 
>immediately either by reply e-mail or by telephone at 312-395-2100 
>and delete this e-mail (including any attachments hereto) immediately 
>without reading, disseminating, distributing or copying. We cannot give 
>any assurances that this e-mail and any attachments are free of viruses 
>and other harmful code. Citadel reserves the right to monitor, intercept
>and block all communications involving its computer systems.
>
>
>
>
>
>
>
>
>________________________________________________
>Kerberos mailing list           Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>  
>

More information about the Kerberos mailing list