Here are your options:
1) Install the Kerberos configuration file instead of using system
properties
"java.security.krb5.kdc" and "java.security.krb5.realm".
2) Set system properties via java.lang.System class
e.g System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
3) Configure the Krb5LoginModule programmatically.
Refer to following for details:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/LoginConfigFile.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/AppConfigurationEntry.html
Seema
lizhong wrote On 09/29/06 02:44,:
>I want to use the vnc applet client ,and need to modify the source code for
>kerberos authentication and data encryption. So I want the applet to be as
>easy to use as possible, and I hope no local file would be used in this
>process(for applet cannot visite local files without changing the security
>policy). I think that the example in this page(
>http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html
> ) quite fits my needs, except that it's not a applet. This gssapi example
>uses no ticket cache files, and the user just needs to enter their kerberos
>username and password. But the Krb5LoginModule it uses only supports standard
>input and output, like this:
>D:\test\client>java -Djava.security.krb5.realm=stg.com
>-Djava.security.krb5.kdc=192.168.100.100
>-Djavax.security.auth.useSubjectCredsOnly=false
>-Djava.security.auth.login.config=bcsLogin.conf SampleClient vnc/gdnode014
>192.168.100.14 4444
>Connected to server /192.168.100.14
>Kerberos username [Administrator]: test/admin
> test/admin � Kerberos key: xxxxxx
>Will send token of size 453 from initSecContext.
>Will read input token of size 114 for processing by initSecContext
>Context Established!
>Client is test/[EMAIL PROTECTED]
>Server is vnc/gdnode014
>Mutual authentication took place!
>Will send wrap token of size 61
>Will read token of size 37
>Verified received MIC for message.
>Exiting...
>
>In a word, I want an applet implement which demonstrating the use of the Java
>GSS-API for secure exchanges of messages, without using local files. The user
>doesn't need to know any detail of kerberos or gssapi, and what they need to
>do is just to open an IE, go to my site, enter their username and password.
>Is there such implements already beening developed? Or I have to read the
>source code of Krb5LoginModule, and develop my own LoginModule for java applet?
>Thank you for any help!
>
>--
>LiZhong
>
>________________________________________________
>Kerberos mailing list [email protected]
>https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
