Java sample for SSO using JAAS on XP SP2
Bajpai, Atul
Atul.Bajpai at citadelgroup.com
Fri Mar 18 11:46:09 EST 2005
Seema,
Thanks for responding to my post. My registry is set up as suggested but
I still have the same problem. I did move to jdk 1.4.2 from jdk1.4.1
based on some of your posts about the UDP/TCP problem but now I get
a "connection reset" message when I run my sample. I have the debug=true
flag set in my .conf file and this is the output I get:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Principal is null
null credentials from Ticket Cache
Kerberos username [abajpai]:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
At this point if I use a test account name and password, everything goes
well but if I use my own user name and password I get a Connection
reset message. Any ideas on what I should try next? Also how do I force
the app to use my credentials and not prompt me for the username/pwd?
TIA
Atul Bajpai
Development Infrastructure
-----Original Message-----
From: Seema Malkani [mailto:Seema.Malkani at sun.com]
Sent: Thursday, March 17, 2005 3:55 PM
To: Bajpai, Atul
Cc: kerberos at mit.edu
Subject: Re: Java sample for SSO using JAAS on XP SP2
You can refer to Java GSS tutorials for sample code:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/index.html
Please check if you have set the registry key "allowtgtsessionkey"
correctly.
Here is the location of the registry setting on Windows XP SP2:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01
Seema
Bajpai, Atul wrote:
>Hi all,
>I am trying to find an SSO solution for Java apps. My requirements are
>to retrieve and use the currently logged in user's credentials to
>authenticate against Windows AD. After browsing through the mailing
>list archives I was able to find some JAAS sample code to do this but I
>am unable to get the sample to behave that way. The sample app always
>prompts for a username/password and never succeeds when I type in my
>own username/pwd, I get a null[52] error. However when I use some of
>the test IDs that have been created they get authenticated. I also
>found that XP SP2 (which is what I have on my desktop) needs
>"allowTGTSessionKey" in registry but that hasn't helped either. My
>.conf file looks like this
>"com.sun.security.auth.module.Krb5LoginModule
>required debug=true storeKey=true useTicketCache=true;". Appreciate all
>the help I can get on this. Thanks.
>
>Atul
>
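Added example, not part of the original thread or of the Sun tutorials it links to: a JAAS login that uses the same Krb5LoginModule with useTicketCache=true and adds doNotPrompt=true, so that the login either reuses the logged-in user's TGT or fails with a LoginException instead of printing the "Kerberos username" prompt seen in the debug output. The class name TicketCacheLogin and the entry name "SsoSample" are assumptions; it also assumes the JVM can already locate the realm and KDC.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class TicketCacheLogin {
    // Programmatic equivalent of this .conf entry (entry name is hypothetical):
    //   SsoSample { com.sun.security.auth.module.Krb5LoginModule required
    //               useTicketCache=true doNotPrompt=true debug=true; };
    static Configuration ticketCacheOnly() {
        final Map<String, String> opts = new HashMap<String, String>();
        opts.put("useTicketCache", "true"); // take the TGT from the user's logon session
        opts.put("doNotPrompt", "true");    // never fall back to asking for a password
        opts.put("debug", "true");          // prints the option dump shown in the thread
        // storeKey stays at its default (false): a ticket-cache-only login
        // has no long-term key to store.
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        opts)
                };
            }
        };
    }

    public static void main(String[] args) {
        try {
            // Null Subject and null CallbackHandler: no component can prompt.
            LoginContext lc = new LoginContext("SsoSample", null, null, ticketCacheOnly());
            lc.login();
            Subject subject = lc.getSubject();
            System.out.println("Authenticated from ticket cache: " + subject.getPrincipals());
            lc.logout();
        } catch (LoginException e) {
            // Reached when the cache yields no usable TGT, the case the debug
            // output reports as "null credentials from Ticket Cache".
            System.err.println("No usable TGT in ticket cache: " + e.getMessage());
            System.exit(1);
        }
    }
}
```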