Hello Borislav,
I tried to verify your statements, but I couldn't quite follow.
I compared JSch-0.1.43 against JSch-0.1.44 (both the source and the binary
distributions).
And I couldn't find any difference in the list of files being shipped, neither
.class nor .java.
So... should JSch-0.1.44 support Kerberos or not?
And, should JSch-0.1.41 as it is shipped with Eclipse today support Kerberos or
not?
I'm particularly interested in Eclipse support, so it would be great if you
could share your guidelines document here or attach it on
https://bugs.eclipse.org/bugs/show_bug.cgi?id=265711 .
What I do get from your E-Mail is that on Windows I need additional software
(KFW) so having Eclipse / RSE / JSch only would not be sufficient to log into a
remote host using Kerberos.
Is this correct?
Thanks,
Martin
From: [email protected] [mailto:[email protected]] On Behalf Of Borislav
Stoichkov
Sent: Friday, January 21, 2011 5:35 AM
To: Oberhuber, Martin
Cc: [email protected]
Subject: Re: [JSch-users] JSch and Kerberos authentication?
Hello Martin
JSch has support for Kerberos authentication. The twist is that some versions
of the jar file posted include the required classes and others don't. For
example the latest version does not have the classes but the version before
does. Anyway grabbing the source and running the build (default against the
provided build.xml file) produces a jar file with krb5 support. I meant to send
another request for this functionality to be included in the posted jar file
but never got around to it. Now that this has come up maybe it will make
another case to include the krb5 classes.
Here are a few links that should help you get started with JSch, JAAS and
GSS-API
http://download.oracle.com/javase/1,5.0/docs/guide/security/jgss/tutorials/index.html
http://download.oracle.com/javase/1,5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html
http://download.oracle.com/javase/1,5.0/docs/guide/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
It all comes down to creating a valid JAAS login configuration file and using
the java.security.krb5.conf and java.security.auth.login.config properties. I
believe there is a small difference in the default JAAS configuration entry for
the client in java 1.5 and 1.6. In 1.5 it is com.sun.security.jgss.initiate and
in 1.6 it is com.sun.security.jgss.krb5.initiate
JSch with Kerberos authentication integrates very well with Ant, web apps
(weblogic and jboss) as well as Eclipse. I have a guidelines document about
integrating Eclipse with Jsch but it is pretty much in the same spirit. It
works together with KFW (Kerberos for windows, if using windows of course) with
a file based credentials cache that java can access and passing the properties
to eclipse in the ini file. If you need more details let me know.
It is easy to modify any one of the examples provided with JSch to use Kerberos
by removing the password altogether and passing the properties mentioned above.
Of course the server side needs to support gssapi. A keytab file can be used
as well so you don't have to maintain a credentials cache for the purpose of
your testing.
Hope this is helpful to you. Thanks.
Borislav
On Thu, Jan 20, 2011 at 12:54 PM, Oberhuber, Martin
<[email protected]<mailto:[email protected]>> wrote:
Hi all,
There is some confusion to what respect JSch supports Kerberos authentication.
WinSCP does seem to support it, but what about JSch? Respective Forum questions
have remained unanswered:
http://sourceforge.net/forum/forum.php?thread_id=3045396&forum_id=219651
http://sourceforge.net/forum/forum.php?thread_id=3045376&forum_id=219650
See also Eclipse bug
https://bugs.eclipse.org/bugs/show_bug.cgi?id=265711
Thanks,
Martin
------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand
malware threats, the impact they can have on your business, and how you
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
JSch-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/jsch-users
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
JSch-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jsch-users
