Hello Martin
JSch has support for Kerberos authentication. The twist is that some
versions of the jar file posted include the required classes and others
don't. For example the latest version does not have the classes but the
version before does. Anyway grabbing the source and running the build
(default against the provided build.xml file) produces a jar file with krb5
support. I meant to send another request for this functionality to be
included in the posted jar file but never got around to it. Now that this
has come up maybe it will make another case to include the krb5 classes.
Here are a few links that should help you get started with JSch, JAAS and
GSS-API
http://download.oracle.com/javase/1,5.0/docs/guide/security/jgss/tutorials/index.html
<http://download.oracle.com/javase/1,5.0/docs/guide/security/jgss/tutorials/index.html>
http://download.oracle.com/javase/1,5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html
http://download.oracle.com/javase/1,5.0/docs/guide/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
It all comes down to creating a valid JAAS login configuration file and
using the java.security.krb5.conf and java.security.auth.login.config
properties. I believe there is a small difference in the default JAAS
configuration entry for the client in java 1.5 and 1.6. In 1.5 it is
com.sun.security.jgss.initiate and in 1.6 it is
com.sun.security.jgss.krb5.initiate
JSch with Kerberos authentication integrates very well with Ant, web apps
(weblogic and jboss) as well as Eclipse. I have a guidelines document about
integrating Eclipse with Jsch but it is pretty much in the same spirit. It
works together with KFW (Kerberos for windows, if using windows of course)
with a file based credentials cache that java can access and passing the
properties to eclipse in the ini file. If you need more details let me know.
It is easy to modify any one of the examples provided with JSch to use
Kerberos by removing the password altogether and passing the properties
mentioned above. Of course the server side needs to support gssapi. A
keytab file can be used as well so you don't have to maintain a credentials
cache for the purpose of your testing.
Hope this is helpful to you. Thanks.
Borislav
<http://download.oracle.com/javase/1,5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html>
On Thu, Jan 20, 2011 at 12:54 PM, Oberhuber, Martin <
[email protected]> wrote:
> Hi all,
>
>
>
> There is some confusion to what respect JSch supports Kerberos
> authentication. WinSCP does seem to support it, but what about JSch?
> Respective Forum questions have remained unanswered:
>
> http://sourceforge.net/forum/forum.php?thread_id=3045396&forum_id=219651
>
> http://sourceforge.net/forum/forum.php?thread_id=3045376&forum_id=219650
>
>
>
> See also Eclipse bug
>
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=265711
>
>
>
> Thanks,
> Martin
>
>
> ------------------------------------------------------------------------------
> Protect Your Site and Customers from Malware Attacks
> Learn about various malware tactics and how to avoid them. Understand
> malware threats, the impact they can have on your business, and how you
> can protect your company and customers by using code signing.
> http://p.sf.net/sfu/oracle-sfdevnl
> _______________________________________________
> JSch-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/jsch-users
>
>
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
JSch-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jsch-users
