Delegation w/ Java
Michael B Allen
mba2000 at ioplex.com
Fri Sep 1 12:37:12 EDT 2006
I'm trying to get delegation to work from a Java servlet running on a
Windows IIS machine but Credentials.acquireTGTFromCache() is returning
'null'. Is this because Java 1.5 doesn't support RC4-HMAC? I cannot
require all regular user accounts to be set for "DES only". Is there
anything I can do?

The following code (plus a regedit allowtgtsessionkey=1) illustrates the
problem:

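    import sun.security.krb5.Credentials;
    public class AcquireTGT {
        public static void main(String[] args) throws Exception {
            System.setProperty("os.name", "windows 2000");
            Credentials c = Credentials.acquireDefaultCreds();
            System.out.println(c);
            System.out.println("aquireTGT***");
            // This lookup is the call that returns null in the run below.
            Credentials x = Credentials.acquireTGTFromCache(c.getServer(), null);
            System.out.println(x);
        }
    }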

This prints:

    C:\tmp>java AcquireTGT
    Credentials:
    client=alice at EXAMPLE.COM
    server=krbtgt/AD.EXAMPLE.COM at EXAMPLE.COM
    authTime=20060901202921Z
    startTime=20060901202921Z
    endTime=20060902012024Z
    renewTill=20060908152024Z
    flags: FORWARDABLE;RENEWABLE;PRE-AUTHENT
    EType (int): 3
    aquireTGT***
    null

So the TGT is 'null'.

If I use Java's kinit it works (at least on Linux it did last night, right
now I'm on Windows on site).

Can someone recommend a path of low resistance?
Do I want to try IBM's JGSS?

Mike