a problem about KerberosTicket
Hui HH Yuan
huiyuan at cn.ibm.com
Thu Dec 23 04:11:25 EST 2010
Hi Experts:
I have a problem as blow, could you help me why it so?
Environment:
Machine A: AD server
Machine S: server machine. login with domain user "userServer"
Machine C: client machine, login with domain user "userClient"
Problem:
1: "userClient" run the client application to get its KerberosTicket
object.
2: "userClient" send it's ticket to "userServer" by socket.
3: "userServer" start a service using this ticket.
4: open "Windows Taks Manager", the owner of the service is userServer(It
should be userClient).
could you help me why it so?
below is the code of starting a service by client ticket.
private void runMeAs(KerberosTicket ticket, String commandLine) throws
Exception {
Subject subject = new Subject();
// add a Principal and credential to the Subject
subject.getPrincipals().add(ticket.getClient());
subject.getPrincipals().add(ticket.getServer());
subject.getPublicCredentials().add(ticket);
subject.getPrivateCredentials().add(ticket);
try{
Object obj = Subject.doAs(subject, new LauncherAction(
commandLine));
}
catch (Exception e) {
System.out.println(">>>Start process failed " + e.getMessage
());
}
}
any advice and suggestions will be greatly appreciated.
Many thanks.
Best Regards,
More information about the Kerberos
mailing list