kinit from java

Todd Grayson tgrayson at cloudera.com
Thu Jun 23 10:17:11 EDT 2016


This discusses how its implemented from the java application perspective,
through the JAAS/JGSS layers.

http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/single-signon.html

On Thu, Jun 23, 2016 at 3:09 AM, Dameon Wagner <dameon.wagner at it.ox.ac.uk>
wrote:

> On Wed, Jun 22 2016 at 06:37:31 +0000, Ghosh, Parthapratim  scribbled
>  in "kinit from java":
> > Hi Kerberos team,
> >
> > I have the following question -
> >
> > How can one simulate kinit call with userid and password from java.
> > I have a java process running and want to kinit from that process.
>
> That can depend on the reason why you want to kinit.
>
> If you're looking to have Kerberos credentials available for the java
> process so that it can authenticate it self to other services, then
> you may find it better to run the java process from k5start.  As I'm
> lazy I won't try to explain how it all works here, but will rather
> just quote the first paragraph of the manpage:
>
> #---8<-----------------------------------------------------------------
> k5start obtains and caches an initial Kerberos ticket-granting ticket
> for a principal.  k5start can be used as an alternative to kinit, but
> it is primarily intended to be used by programs that want to use a
> keytab to obtain Kerberos credentials, such as a web server that needs
> to authenticate to another service such as an LDAP server.
> #---8<-----------------------------------------------------------------
>
> If that sounds like the sort of solution you're after, I can highly
> recommend k5start (and krenew from the same package).
>
> Cheers.
>
> Dameon.
>
> --
> ><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
> Dr. Dameon Wagner, Systems Development and Support
> IT Services, University of Oxford
> ><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>



-- 
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME


More information about the Kerberos mailing list