[
https://issues.apache.org/jira/browse/HTTPCLIENT-1912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16427841#comment-16427841
]
Nicholas DiPiazza edited comment on HTTPCLIENT-1912 at 4/6/18 2:17 AM:
-----------------------------------------------------------------------
Hey [~michael-o]
If I could figure out how to tell HttpClient to use a certain Entry name within
the login.conf, that would help me a lot.
See [this
link|https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html#ClientLC]
from the JAAS documentation that shows that the LoginContext takes an entry
name.
How does the AuthSchemes.SPNEGO pick the entry name it uses?
in other words
login.conf:
{code}
KrbLogin {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/home/ndipiazza/kerberos.keytab"
useTicketCache=true
principal="HTTP/[email protected]"
debug=true;
};
KrbLogin2 {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/home/ndipiazza/kerberos.keytab"
useTicketCache=true
principal="HTTP/[email protected]"
debug=true;
};
{code}
It seems like Windows uses KrbLogin. How can I get it to use KrbLogin2?
Looks to me like it just uses the default. Which I don't quite understand.
I think similar work was done on the Hadoop project
https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java
I don't quite fully understand how all of this works yet but, i was wondering
if you could give me a hand in getting all of the source checked out I'll need
to get this done? thanks.
was (Author: ndipiazza_gmail):
Hey [~michael-o]
If I could figure out how to tell HttpClient to use a certain Entry name within
the login.conf, that would help me a lot.
See [this
link|https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html#ClientLC]
from the JAAS documentation that shows that the LoginContext takes an entry
name.
How does the AuthSchemes.SPNEGO pick the entry name it uses?
in other words
login.conf:
{code}
KrbLogin {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/home/ndipiazza/kerberos.keytab"
useTicketCache=true
principal="HTTP/[email protected]"
debug=true;
};
KrbLogin2 {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/home/ndipiazza/kerberos.keytab"
useTicketCache=true
principal="HTTP/[email protected]"
debug=true;
};
{code}
It seems like Windows uses KrbLogin. How can I get it to use KrbLogin2?
> AuthSchemes.SPNEGO should be able to specify login conf and krb5 conf as
> parameters instead of system properties
> ----------------------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1912
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1912
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpClient (classic)
> Affects Versions: 4.5.2
> Reporter: Nicholas DiPiazza
> Priority: Major
> Labels: volunteers-wanted
> Fix For: Stuck
>
>
> in order to use spenego
> see
> [example|https://github.com/jumarko/kerberos-auth-example/blob/master/src/main/java/net/curiousprogrammer/auth/kerberos/example/KerberosAuthExample.java]
> you need to specify system properties to specify a custom krb5.conf or
> login.conf location.
> It would be very useful if these could be given as parameters somehow instead
> of system properties, because in our cloud apps use case, sharing these as
> system properties at the jvm level is causing conflicts.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
