Caching kerberos ticket using Java

Douglas E. Engert deengert at anl.gov
Sat Dec 22 12:11:42 EST 2007 


Ranga Samudrala wrote:
> Hello,
> 
> Has anybody found a way to store a kerberos ticket into a cache on  
> the file system?

Have you looked at the
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html




> 
> I tried the following:
> 
> String ticketCache = "/tmp/KTGT-RANGA";
> String newCacheFileName = "/tmp/KTGT-RANGA-NEW";
> 
> //sun.security.krb5.Credentials c =  
> sun.security.krb5.Credentials.acquireDefaultCreds();
> sun.security.krb5.Credentials c =  
> sun.security.krb5.Credentials.acquireTGTFromCache(new PrincipalName 
> (principal, PrincipalName.KRB_NT_PRINCIPAL), ticketCache);
> CredentialsCache fcache = FileCredentialsCache.create(new  
> PrincipalName(principal, PrincipalName.KRB_NT_PRINCIPAL),  
> newCacheFileName.toString());
> 
>              sun.security.krb5.internal.ccache.Credentials ccreds =  
> new sun.security.krb5.internal.ccache.Credentials(
>                      c.getClient(), c.getServer(), c.getSessionKey()
>                      , new KerberosTime(c.getAuthTime()), new  
> KerberosTime(c.getStartTime()), new KerberosTime(c.getEndTime()), new  
> KerberosTime(c.getRenewTill())
>                      , true, c.getTicketFlags(), new HostAddresses 
> (c.getClientAddresses()), null
>                      , c.getTicket(), null);
>              fcache.update(ccreds);
>              fcache.save();
> 
> 
> I am facing two issues:
> 1. sun.security.krb5.Credentials.acquireDefaultCreds() throws  
> unsatisfied link error, looking for w2k_las_auth.dll file, even  
> though I am running this on Linux.
> 
> 2.  If I bypass invoking acquireDefaultCreds(), somehow manage to  
> read the credential cache and try to save the credential into another  
> cache file, I see the following NullPointerException :
> 
> java.lang.NullPointerException
>          at sun.security.krb5.internal.HostAddresses.writeAddrs 
> (HostAddresses.java:231)
>          at  
> sun.security.krb5.internal.ccache.CCacheOutputStream.addCreds 
> (CCacheOutputStream.java:83)
>          at  
> sun.security.krb5.internal.ccache.FileCredentialsCache.save 
> (FileCredentialsCache.java:292)
> 
> Any help is appreciated.
> 
> thanks
> Ranga
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the Kerberos mailing list