Hello,
can anybody please send some lines of JAVA code in which a service ticket is
acquired by the KDC? I tried it like this
// Performing Kerberos login
LoginContext tLoginContext = new LoginContext("JaasLogin");
tLoginContext.login();
final Subject tSubject = tLoginContext.getSubject();
Subject.doAs(tSubject, new PrivilegedExceptionAction()
{
public Object run() throws Exception
{
Principal tPrincipal =
(Principal)tSubject.getPrincipals().iterator().next();
KerberosTicket tTicket = (KerberosTicket)
tSubject.getPrivateCredentials(
KerberosTicket.class).iterator().next();
GSSManager tGSSManager = GSSManager.getInstance();
Oid tKerberosOID = new Oid("1.2.840.113554.1.2.2");
GSSName tGSSName =
tGSSManager.createName("myservice/[EMAIL PROTECTED]", GSSName.NT_USER_NAME,
tKerberosOID);
GSSCredential tServiceCredential =
tGSSManager.createCredential(tGSSName, GSSCredential.INDEFINITE_LIFETIME,
tKerberosOID, GSSCredential.INITIATE_AND_ACCEPT);
}
}
but this doesn't work. For some reason, the principal's name in
tGSSManager.createName() is still the one from my WIN2003-Login. I get a valid
TGT from tLoginContext.login() but acquiring the service ticket fails. Is this
the right approachment to this problem?
This is my auth.conf:
JaasLogin {
//Kerberos single-sign-on login module
com.sun.security.auth.module.Krb5LoginModule required debug=true
useTicketCache=true ;
};
other {
// jBoss LoginModule
org.jboss.security.ClientLoginModule required;
// Put your login modules that need jBoss here
};
Thanks for any help in advance.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
