Obtaining service ticket with JAVA JAAS

Olfmatic olfmatic at web.de
Mon Aug 21 13:00:36 EDT 2006


Hello,

Can anybody please send some lines of JAVA code in which a service ticket is acquired by the KDC? I tried it like this:

    import java.security.Principal;
    import java.security.PrivilegedExceptionAction;
    import javax.security.auth.Subject;
    import javax.security.auth.kerberos.KerberosTicket;
    import javax.security.auth.login.LoginContext;
    import org.ietf.jgss.*;

    // Performing Kerberos login
    LoginContext tLoginContext = new LoginContext("JaasLogin");
    tLoginContext.login();
    final Subject tSubject = tLoginContext.getSubject();

    Subject.doAs(tSubject, new PrivilegedExceptionAction<Object>()
    {
        public Object run() throws Exception
        {
            // Client principal and TGT placed in the Subject by the JAAS login
            Principal tPrincipal = (Principal) tSubject.getPrincipals().iterator().next();
            KerberosTicket tTicket = (KerberosTicket) tSubject.getPrivateCredentials(
                    KerberosTicket.class).iterator().next();

            // Attempt to acquire a credential under the service's principal name
            GSSManager tGSSManager = GSSManager.getInstance();
            Oid tKerberosOID = new Oid("1.2.840.113554.1.2.2");
            GSSName tGSSName = tGSSManager.createName("myservice/servicehost.myrealm.de@MYREALM.DE", GSSName.NT_USER_NAME, tKerberosOID);
            GSSCredential tServiceCredential = tGSSManager.createCredential(tGSSName, GSSCredential.INDEFINITE_LIFETIME, tKerberosOID, GSSCredential.INITIATE_AND_ACCEPT);
            return null;
        }
    });


but this doesn't work. For some reason, the principal's name in tGSSManager.createName() is still the one from my WIN2003-Login. I get a valid TGT from tLoginContext.login() but acquiring the service ticket fails. Is this the right approach to this problem?

This is my auth.conf:


JaasLogin {
    //Kerberos single-sign-on login module
    com.sun.security.auth.module.Krb5LoginModule required debug=true useTicketCache=true ;
};
 
other {
    // jBoss LoginModule
    org.jboss.security.ClientLoginModule  required;
    // Put your login modules that need jBoss here
};


Thanks for any help in advance.
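
An added example, not part of the original post: with Java GSS-API the service ticket is requested when the initiator calls initSecContext() on a context whose target is the service name, using the TGT already in the Subject, rather than by calling createCredential() for the service name. The class and method names are illustrative; the JAAS entry, principal and OID are the ones from the post, and a reachable KDC for MYREALM.DE is assumed.

```java
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

public class ServiceTicketExample {  // illustrative class name
    // Kerberos V5 mechanism OID, as used in the post.
    static final String KRB5_OID = "1.2.840.113554.1.2.2";

    /** Returns the first GSS token (the AP-REQ carrying the service ticket). */
    static byte[] requestServiceToken(Subject subject, final String servicePrincipal)
            throws Exception {
        return Subject.doAs(subject, new PrivilegedExceptionAction<byte[]>() {
            public byte[] run() throws Exception {
                GSSManager manager = GSSManager.getInstance();
                Oid krb5 = new Oid(KRB5_OID);
                // The service name is the *target* of the context, not our own identity.
                GSSName target = manager.createName(
                        servicePrincipal, GSSName.NT_USER_NAME, krb5);
                // A null credential means: use the initiator credentials (the TGT)
                // found in the Subject that doAs() put in scope.
                GSSContext ctx = manager.createContext(
                        target, krb5, null, GSSContext.DEFAULT_LIFETIME);
                try {
                    // The first initSecContext() call makes the provider request the
                    // service ticket from the KDC and wrap it in the output token.
                    return ctx.initSecContext(new byte[0], 0, 0);
                } finally {
                    // A real client keeps the context open for the rest of the exchange.
                    ctx.dispose();
                }
            }
        });
    }

    public static void main(String[] args) throws Exception {
        LoginContext login = new LoginContext("JaasLogin"); // entry from the auth.conf above
        login.login();
        byte[] token = requestServiceToken(login.getSubject(),
                "myservice/servicehost.myrealm.de@MYREALM.DE");
        System.out.println("service token length: " + token.length);
        login.logout();
    }
}
```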