The Kerberos service ticket is obtained internally, and stored in the
Subject's private credentials, after successful authentication.
At the client end:

    // Identify the name of the server.
    GSSName serverName = manager.createName("nfs/foo.sun.com",
                                            GSSName.NT_HOSTBASED_SERVICE);

    // Instantiate and initialize a security context that will be
    // established with the server
    GSSContext context = manager.createContext(serverName,
                                               krb5Mechanism,
                                               null,
                                               GSSContext.DEFAULT_LIFETIME);

At the server end:

    // Acquire credentials for the server
    GSSCredential serverCreds = manager.createCredential(serverName,
                                                         GSSCredential.DEFAULT_LIFETIME,
                                                         krb5Mechanism,
                                                         GSSCredential.ACCEPT_ONLY);

    // Instantiate and initialize a security context that will
    // wait for an establishment request token from the client
    GSSContext context = manager.createContext(serverCreds);

Please refer to Java GSS tutorials for details:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/index.html
Seema
Olfmatic wrote On 08/21/06 10:00,:
>Hello,
>
>can anybody please send some lines of JAVA code in which a service ticket is
>acquired by the KDC? I tried it like this
>
>    // Performing Kerberos login
>    LoginContext tLoginContext = new LoginContext("JaasLogin");
>    tLoginContext.login();
>    final Subject tSubject = tLoginContext.getSubject();
>
>    Subject.doAs(tSubject, new PrivilegedExceptionAction()
>    {
>        public Object run() throws Exception
>        {
>            Principal tPrincipal =
>                (Principal) tSubject.getPrincipals().iterator().next();
>            KerberosTicket tTicket = (KerberosTicket)
>                tSubject.getPrivateCredentials(
>                    KerberosTicket.class).iterator().next();
>
>            GSSManager tGSSManager = GSSManager.getInstance();
>            Oid tKerberosOID = new Oid("1.2.840.113554.1.2.2");
>            GSSName tGSSName =
>                tGSSManager.createName("myservice/[EMAIL PROTECTED]",
>                    GSSName.NT_USER_NAME, tKerberosOID);
>            GSSCredential tServiceCredential =
>                tGSSManager.createCredential(tGSSName,
>                    GSSCredential.INDEFINITE_LIFETIME,
>                    tKerberosOID, GSSCredential.INITIATE_AND_ACCEPT);
>            return null;
>        }
>    });
>
>
>but this doesn't work. For some reason, the principal's name in
>tGSSManager.createName() is still the one from my WIN2003-Login. I get a valid
>TGT from tLoginContext.login() but acquiring the service ticket fails. Is this
>the right approach to this problem?
>
>This is my auth.conf:
>
>
>JaasLogin {
> //Kerberos single-sign-on login module
> com.sun.security.auth.module.Krb5LoginModule required debug=true
> useTicketCache=true ;
>};
>
>other {
> // jBoss LoginModule
> org.jboss.security.ClientLoginModule required;
> // Put your login modules that need jBoss here
>};
>
>
>Thanks for any help in advance.
>
>________________________________________________
>Kerberos mailing list [email protected]
>https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
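
Added example, not code from either poster: the client-side flow described in the reply, from the JAAS login through the first initSecContext() call, which is the step that requests the service ticket, followed by a listing of the tickets then held in the Subject. The service name myservice@host.example.com is a placeholder, the "JaasLogin" entry is the one from the quoted auth.conf, and Java 8 or later is assumed.

```java
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

public class ServiceTicketDemo {
    // Placeholder (assumption): replace with the real service and host.
    static final String SERVICE = "myservice@host.example.com";

    public static void main(String[] args) throws Exception {
        // JAAS login with the "JaasLogin" entry from auth.conf; this yields the TGT.
        LoginContext lc = new LoginContext("JaasLogin");
        lc.login();
        final Subject subject = lc.getSubject();

        byte[] token = Subject.doAs(subject, (PrivilegedExceptionAction<byte[]>) () -> {
            GSSManager manager = GSSManager.getInstance();
            Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism
            // Name the target service (host-based form), not the logged-in user.
            GSSName server = manager.createName(SERVICE, GSSName.NT_HOSTBASED_SERVICE);
            // A null credential means "use the TGT held by the current Subject".
            GSSContext ctx = manager.createContext(server, krb5, null,
                                                   GSSContext.DEFAULT_LIFETIME);
            // The first call asks the KDC for the service ticket and returns
            // the initial token that has to be sent to the server.
            return ctx.initSecContext(new byte[0], 0, 0);
        });
        System.out.println("initial context token: " + token.length + " bytes");

        // The TGT and the newly obtained service ticket are now both in the
        // Subject's private credentials.
        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
            System.out.println(t.getClient() + " -> " + t.getServer()
                               + ", expires " + t.getEndTime());
        }
        lc.logout();
    }
}
```

The context is not fully established at this point; the returned token still has to be delivered to the server, which passes it to acceptSecContext().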