Hi
I have a java program that uses the jsch library, and we have started to
add kerberos to our server infrastructure.
The problem that i have is that the jsch library are asking for username
and password, even if i supply it with a public key and set the
promptPassword function in the UserInfo interface to return false.
Is there some way to force the jsch library to automatically fail the
gssapi-with-mic auth method if it doesn't have all required information,
instead of prompting a imaginary user (that isn't there as this is some
background server software) for information?
My code looks like this:
JSch jsch = new JSch();
jsch.addIdentity(identityFile, "");
Session session = jsch.getSession(username, serverName, 22);
UserInfo ui = new MyUserInfo();
session.setUserInfo(ui);
session.connect();
where MyUserInfo is as simple as possible:
public class MyUserInfo implements UserInfo {
public boolean promptYesNo(String str) {
return true;
}
public String getPassword() {
return null;
}
public String getPassphrase() {
return null;
}
public boolean promptPassphrase(String message) {
return false;
}
public boolean promptPassword(String message) {
return false;
}
public void showMessage(String msg) {
System.out.println(msg);
}
}
when i run it it looks like this:
$ java -cp jsch-0.1.45.jar:. TestSsh
Kerberos username [imagedownloader]:
the relevant part of a stacktrace from when it's prompting me:
- locked <0x00000007ac77b368> (a java.io.InputStreamReader)
at java.io.BufferedReader.readLine(BufferedReader.java:379)
at
com.sun.security.auth.callback.TextCallbackHandler.readLine(TextCallbackHandler.java:151)
at
com.sun.security.auth.callback.TextCallbackHandler.handle(TextCallbackHandler.java:119)
at
com.sun.security.auth.module.Krb5LoginModule.promptForName(Krb5LoginModule.java:767)
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:646)
at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:559)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:721)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:719)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:718)
at javax.security.auth.login.LoginContext.login(LoginContext.java:590)
at sun.security.jgss.GSSUtil.login(GSSUtil.java:264)
at sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:153)
at
sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:346)
at
sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:344)
at java.security.AccessController.doPrivileged(Native Method)
at
sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:343)
at
sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:145)
at
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:123)
at
sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:189)
at
sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:220)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:213)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:180)
at com.jcraft.jsch.jgss.GSSContextKrb5.init(GSSContextKrb5.java:129)
at
com.jcraft.jsch.UserAuthGSSAPIWithMIC.start(UserAuthGSSAPIWithMIC.java:135)
at com.jcraft.jsch.Session.connect(Session.java:428)
at com.jcraft.jsch.Session.connect(Session.java:158)
------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________
JSch-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jsch-users
