Java code performing Kerberos password AuthN
Jorj Bauer
jorj at isc.upenn.edu
Fri Jun 27 10:06:22 EDT 2014
> Note that you can dodge the jaas.conf by installaing your own
> Configuration like:
Thanks for the comment. I know about this, generally speaking - it's what I was alluding to in the README:
> (There is probably
> a more complex Configuration object setup that could be performed here
> to populate the settings programmatically; I chose to not go down that
> road due to complexity of the code that might be required.)
Specifically - and maybe you can help here - I have two concerns about that approach.
First: there are two different configurations in jaas.conf (one for client and one for server behavior). I presume it's possible to construct a programmatic configuration that adds both, but I haven't thought about how.
Second: setting the realm and/or KDC using System.setProperty java.security.krb5.realm and/or java.security.krb5.kdc, I wasn't able (in my limited testing) to make it perform failover when the primary was unreachable. Seeing that it worked fine with krb5.conf, I decided to punt, choosing functionality over form.
If there's a good way to address those two, I'll happily include at least instructions on how to do it, and will probably extend the constructor to accommodate.
> Java's builtin Kerberos implementation is a mess. ...
> The API is horrible as evidenced by the flaming
> hula hoops you had to go through to do anything remotely
> sophisticated.
I agree.
-- Jorj
More information about the Kerberos
mailing list