KfW 3.2.2 on Win XP SP3 + file cache = repeated password asking?

Kronus David kronda at atlas.cz
Sat May 9 16:49:05 EDT 2009

Hi all,
I'm not really expert so this might be a sign of my misunderstanding but...

I'm using Network ID manager to authenticate to a Linux server running MIT Kerberos KDC and other kerberized servers (SSHd, Apache+mod_auth_kerb). When I initially configured my identity in NetIdMgr, everything worked fine - input my password just once and then no more (using kerberized Putty, TortoiseSVN, Firefox...). So I conclude from this that there is no problem with the server.

Then I played with Java and wanted to use my cached credentials from KfW also using JAAS. I changed the cache in my identity configuration from API:... to FILE:c:\Temp\ccache. Cache worked, the file had been created after obtaining credentials. And after some time JAAS started to work. I was amazed but not for long because I've realized that with file-based cache NetIdMgr is asking for my password each time when some application using KfW dlls needs credentials (Firefox, Putty...). Even when I open putty twice for the same SSH server, NetIdMgr asks for password. Otherwise everything works but this is totally unusable. I tried to play with the settings but haven't arrived to a solution or an explanation. When I change back to API: cache, everything works fine (except JAAS...).

So, what's the problem?
1) Is this expected behaviour when using file-based cache? Shall I configure something to get rid of the repeated password prompt? I haven't really found any information about using file cache with KfW, it seems to be out-of-fashion, since Java is probably able to read from LSA, but that doesn't help me in this case (no AD domain), does it?
2) If the answer to question 1) is "YES, it it expected and you can't do anything about it", can you please advice me on a way in which KfW and JAAS can cooperate in a nice way?

Thanks for any help.

More information about the Kerberos mailing list