Jeffrey, thanks for your sharp answer, it has solved my problem. David -----Original Message----- From: Jeffrey Altman [mailto:[email protected]] Sent: Monday, May 11, 2009 1:11 PM To: [email protected] Cc: [email protected] Subject: Re: KfW 3.2.2 on Win XP SP3 + file cache = repeated password asking?
Try setting the default identify after you alter the associated cache name. Kronus David wrote: > Hi all, > I'm not really expert so this might be a sign of my misunderstanding but... > > I'm using Network ID manager to authenticate to a Linux server running MIT > Kerberos KDC and other kerberized servers (SSHd, Apache+mod_auth_kerb). When > I initially configured my identity in NetIdMgr, everything worked fine - > input my password just once and then no more (using kerberized Putty, > TortoiseSVN, Firefox...). So I conclude from this that there is no problem > with the server. > > Then I played with Java and wanted to use my cached credentials from KfW also > using JAAS. I changed the cache in my identity configuration from API:... to > FILE:c:\Temp\ccache. Cache worked, the file had been created after obtaining > credentials. And after some time JAAS started to work. I was amazed but not > for long because I've realized that with file-based cache NetIdMgr is asking > for my password each time when some application using KfW dlls needs > credentials (Firefox, Putty...). Even when I open putty twice for the same > SSH server, NetIdMgr asks for password. Otherwise everything works but this > is totally unusable. I tried to play with the settings but haven't arrived to > a solution or an explanation. When I change back to API: cache, everything > works fine (except JAAS...). > > So, what's the problem? > 1) Is this expected behaviour when using file-based cache? Shall I configure > something to get rid of the repeated password prompt? I haven't really found > any information about using file cache with KfW, it seems to be > out-of-fashion, since Java is probably able to read from LSA, but that > doesn't help me in this case (no AD domain), does it? > 2) If the answer to question 1) is "YES, it it expected and you can't do > anything about it", can you please advice me on a way in which KfW and JAAS > can cooperate in a nice way? > > Thanks for any help. > David > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
