KfW 3.2.2 on Win XP SP3 + file cache = repeated password asking?

Kronus David kronda at atlas.cz
Mon May 11 07:32:57 EDT 2009

Thanks for your sharp answer; it has solved my problem.

-----Original Message-----
From: Jeffrey Altman [mailto:jaltman at secure-endpoints.com] 
Sent: Monday, May 11, 2009 1:11 PM
To: kronda at atlas.cz
Cc: kerberos at mit.edu
Subject: Re: KfW 3.2.2 on Win XP SP3 + file cache = repeated password asking?

Try setting the default identity after you alter the associated cache name.

Kronus David wrote:
> Hi all,
> I'm not really an expert, so this might be a sign of my misunderstanding, but...
> I'm using Network ID manager to authenticate to a Linux server running MIT Kerberos KDC and other kerberized servers (SSHd, Apache+mod_auth_kerb). When I initially configured my identity in NetIdMgr, everything worked fine - input my password just once and then no more (using kerberized Putty, TortoiseSVN, Firefox...). So I conclude from this that there is no problem with the server.
> Then I played with Java and wanted to use my cached credentials from KfW also using JAAS. I changed the cache in my identity configuration from API:... to FILE:c:\Temp\ccache. Cache worked, the file had been created after obtaining credentials. And after some time JAAS started to work. I was amazed but not for long because I've realized that with file-based cache NetIdMgr is asking for my password each time when some application using KfW dlls needs credentials (Firefox, Putty...). Even when I open putty twice for the same SSH server, NetIdMgr asks for password. Otherwise everything works but this is totally unusable. I tried to play with the settings but haven't arrived at a solution or an explanation. When I change back to API: cache, everything works fine (except JAAS...).
> So, what's the problem?
> 1) Is this expected behaviour when using file-based cache? Shall I configure something to get rid of the repeated password prompt? I haven't really found any information about using file cache with KfW, it seems to be out-of-fashion, since Java is probably able to read from LSA, but that doesn't help me in this case (no AD domain), does it?
> 2) If the answer to question 1) is "YES, it is expected and you can't do anything about it", can you please advise me on a way in which KfW and JAAS can cooperate in a nice way?
> Thanks for any help.
> David
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
