KfW 3.2.2 on Win XP SP3 + file cache = repeated password asking?
Jeffrey Altman
jaltman at secure-endpoints.com
Mon May 11 07:11:07 EDT 2009
Try setting the default identify after you alter the associated cache name.
Kronus David wrote:
> Hi all,
> I'm not really expert so this might be a sign of my misunderstanding but...
>
> I'm using Network ID manager to authenticate to a Linux server running MIT Kerberos KDC and other kerberized servers (SSHd, Apache+mod_auth_kerb). When I initially configured my identity in NetIdMgr, everything worked fine - input my password just once and then no more (using kerberized Putty, TortoiseSVN, Firefox...). So I conclude from this that there is no problem with the server.
>
> Then I played with Java and wanted to use my cached credentials from KfW also using JAAS. I changed the cache in my identity configuration from API:... to FILE:c:\Temp\ccache. Cache worked, the file had been created after obtaining credentials. And after some time JAAS started to work. I was amazed but not for long because I've realized that with file-based cache NetIdMgr is asking for my password each time when some application using KfW dlls needs credentials (Firefox, Putty...). Even when I open putty twice for the same SSH server, NetIdMgr asks for password. Otherwise everything works but this is totally unusable. I tried to play with the settings but haven't arrived to a solution or an explanation. When I change back to API: cache, everything works fine (except JAAS...).
>
> So, what's the problem?
> 1) Is this expected behaviour when using file-based cache? Shall I configure something to get rid of the repeated password prompt? I haven't really found any information about using file cache with KfW, it seems to be out-of-fashion, since Java is probably able to read from LSA, but that doesn't help me in this case (no AD domain), does it?
> 2) If the answer to question 1) is "YES, it it expected and you can't do anything about it", can you please advice me on a way in which KfW and JAAS can cooperate in a nice way?
>
> Thanks for any help.
> David
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20090511/78acbdef/attachment.bin
More information about the Kerberos
mailing list