All I get in the Subject is a Set of private credentials with the TGT at position 0. Nothing else is contained. Should the service ticket be another element of this Set? How do I recognize a service ticket? How does the KDC know which service I need a ticket for?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, August 21, 2006 21:09
To: Olfmatic
Cc: [email protected]
Subject: Re: Obtaining service ticket with JAVA JAAS

The Kerberos service ticket is obtained internally, and stored in the Subject's private credentials, after successful authentication.

At the client end:

    // Identify the name of the server.
    GSSName serverName = manager.createName("nfs/foo.sun.com",
                                            GSSName.NT_HOSTBASED_SERVICE);

    // Instantiate and initialize a security context that will be
    // established with the server
    GSSContext context = manager.createContext(serverName,
                                               krb5Mechanism,
                                               null,
                                               GSSContext.DEFAULT_LIFETIME);

At the server end:

    // Acquire credentials for the server
    GSSCredential serverCreds = manager.createCredential(serverName,
                                                         GSSCredential.DEFAULT_LIFETIME,
                                                         krb5Mechanism,
                                                         GSSCredential.ACCEPT_ONLY);

    // Instantiate and initialize a security context that will
    // wait for an establishment request token from the client
    GSSContext context = manager.createContext(serverCreds);

Please refer to Java GSS tutorials for details:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/index.html

Seema

Olfmatic wrote On 08/21/06 10:00,:
>Hello,
>
>can anybody please send some lines of JAVA code in which a service ticket is
>acquired by the KDC?
>I tried it like this
>
>    // Performing Kerberos login
>    LoginContext tLoginContext = new LoginContext("JaasLogin");
>    tLoginContext.login();
>    final Subject tSubject = tLoginContext.getSubject();
>
>    Subject.doAs(tSubject, new PrivilegedExceptionAction()
>    {
>        public Object run() throws Exception
>        {
>
>            Principal tPrincipal =
>                (Principal)tSubject.getPrincipals().iterator().next();
>            KerberosTicket tTicket = (KerberosTicket)
>                tSubject.getPrivateCredentials(
>                    KerberosTicket.class).iterator().next();
>
>            GSSManager tGSSManager = GSSManager.getInstance();
>            Oid tKerberosOID = new Oid("1.2.840.113554.1.2.2");
>            GSSName tGSSName =
>                tGSSManager.createName("myservice/[EMAIL PROTECTED]", GSSName.NT_USER_NAME,
>                    tKerberosOID);
>            GSSCredential tServiceCredential =
>                tGSSManager.createCredential(tGSSName, GSSCredential.INDEFINITE_LIFETIME,
>                    tKerberosOID, GSSCredential.INITIATE_AND_ACCEPT);
>        }
>    }
>
>
>but this doesn't work. For some reason, the principal's name in
>tGSSManager.createName() is still the one from my WIN2003-Login. I get a valid
>TGT from tLoginContext.login() but acquiring the service ticket fails. Is this
>the right approach to this problem?
>
>This is my auth.conf:
>
>
>JaasLogin {
>    //Kerberos single-sign-on login module
>    com.sun.security.auth.module.Krb5LoginModule required debug=true
>    useTicketCache=true ;
>};
>
>other {
>    // jBoss LoginModule
>    org.jboss.security.ClientLoginModule required;
>    // Put your login modules that need jBoss here
>};
>
>
>Thanks for any help in advance.
>
>________________________________________________
>Kerberos mailing list [email protected]
>https://mailman.mit.edu/mailman/listinfo/kerberos
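
Added example, not part of the thread and not code from either poster: a client that logs in through the `JaasLogin` entry quoted above, names the target service when creating the GSS context, and then lists the tickets in the Subject, where the reply says the service ticket is stored. The service name `myservice@host.example.com` and the class and helper names are placeholder assumptions; a ticket is treated as a TGT when its server principal starts with `krbtgt/`.

```java
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.*;

public class ServiceTicketDemo {
    // A TGT is a ticket issued for the ticket-granting service (krbtgt/REALM@REALM).
    static boolean isTgt(KerberosTicket ticket) {
        return ticket.getServer().getName().startsWith("krbtgt/");
    }

    public static void main(String[] args) throws Exception {
        // Placeholder (assumption): the service@host form used by NT_HOSTBASED_SERVICE.
        final String service = "myservice@host.example.com";

        LoginContext lc = new LoginContext("JaasLogin"); // entry from the quoted auth.conf
        lc.login();                                      // this step yields the TGT only
        final Subject subject = lc.getSubject();

        byte[] token = Subject.doAs(subject, new PrivilegedExceptionAction<byte[]>() {
            public byte[] run() throws GSSException {
                GSSManager manager = GSSManager.getInstance();
                Oid krb5 = new Oid("1.2.840.113554.1.2.2");
                // The name passed here is the service being contacted, not the user.
                GSSName server = manager.createName(service, GSSName.NT_HOSTBASED_SERVICE);
                // A null credential means: act as the Subject that is running doAs.
                GSSContext ctx = manager.createContext(server, krb5, null,
                        GSSContext.DEFAULT_LIFETIME);
                // The first call requests a ticket for 'server' from the KDC and
                // returns the token that the client sends to that service.
                return ctx.initSecContext(new byte[0], 0, 0);
            }
        });

        // List every Kerberos ticket now held by the Subject, labelled by kind.
        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
            System.out.println((isTgt(t) ? "TGT     " : "service ") + t.getServer().getName());
        }
        System.out.println("context token: " + token.length + " bytes");
    }
}
```

Running it needs a reachable KDC and the same `java.security.auth.login.config` setting as the original program.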
