Caching kerberos ticket using Java

Ranga Samudrala Ranga_Samudrala at bmc.com
Fri Dec 21 16:36:03 EST 2007


Hello,

Has anybody found a way to store a kerberos ticket into a cache on  
the file system?

I tried the following:

String ticketCache = "/tmp/KTGT-RANGA";
String newCacheFileName = "/tmp/KTGT-RANGA-NEW";

//sun.security.krb5.Credentials c =  
sun.security.krb5.Credentials.acquireDefaultCreds();
sun.security.krb5.Credentials c =  
sun.security.krb5.Credentials.acquireTGTFromCache(new PrincipalName 
(principal, PrincipalName.KRB_NT_PRINCIPAL), ticketCache);
CredentialsCache fcache = FileCredentialsCache.create(new  
PrincipalName(principal, PrincipalName.KRB_NT_PRINCIPAL),  
newCacheFileName.toString());

             sun.security.krb5.internal.ccache.Credentials ccreds =  
new sun.security.krb5.internal.ccache.Credentials(
                     c.getClient(), c.getServer(), c.getSessionKey()
                     , new KerberosTime(c.getAuthTime()), new  
KerberosTime(c.getStartTime()), new KerberosTime(c.getEndTime()), new  
KerberosTime(c.getRenewTill())
                     , true, c.getTicketFlags(), new HostAddresses 
(c.getClientAddresses()), null
                     , c.getTicket(), null);
             fcache.update(ccreds);
             fcache.save();


I am facing two issues:
1. sun.security.krb5.Credentials.acquireDefaultCreds() throws  
unsatisfied link error, looking for w2k_las_auth.dll file, even  
though I am running this on Linux.

2.  If I bypass invoking acquireDefaultCreds(), somehow manage to  
read the credential cache and try to save the credential into another  
cache file, I see the following NullPointerException :

java.lang.NullPointerException
         at sun.security.krb5.internal.HostAddresses.writeAddrs 
(HostAddresses.java:231)
         at  
sun.security.krb5.internal.ccache.CCacheOutputStream.addCreds 
(CCacheOutputStream.java:83)
         at  
sun.security.krb5.internal.ccache.FileCredentialsCache.save 
(FileCredentialsCache.java:292)

Any help is appreciated.

thanks
Ranga





More information about the Kerberos mailing list