You have "useTicketPass" instead of "useFirstPass" in the sample code.
I noticed that IBM has additional description in their javadoc on this, i.e.
===========
4) The keytab and ccache options take precedence over tryFirstPass.
If a keytab or ccache option is set in addition to tryFirstPass,
the keytab or ccache is used and the principal saved in the shared state
if login is succesful. There will be no prompting for password if
the login fails.
5) The keytab and ccache options are incompatible with the
useFirstPass option; specifying useFirstPass in conjunction with
either a keytab or ccache option will cause an exception to be thrown.
===========
Is this how our impl behave if either useFirstPass or tryFirstPass is specified
along with ccache or keytab?
I think we need to think through all different combination of options and
document the behavior with this change.
Thanks,
Valerie
On 10/21/08 20:08, Weijun Wang wrote:
Hi All
Currently we have this check inside Krb5LoginModule:
private void validateConfiguration() throws LoginException {
if (doNotPrompt && !useTicketCache && !useKeyTab)
throw new LoginException
("Configuration Error"
+ " - either doNotPrompt should be "
+ " false or useTicketCache/useKeyTab "
+ " should be true");
.....
However, if the user has also provided tryFirstPass=true or
useFirstPass=true, it's possible to get the password from a shared
state. The restriction in the check is not necessary then. It can be
changed to:
if (doNotPrompt && !useTicketCache && !useKeyTab &&
!tryFirstPass && !useTicketPass)
throw new LoginException
("Configuration Error"
+ " - either doNotPrompt should be "
+ " false or at least one of useTicketCache, "
+ " useKeyTab, tryFirstPass and useTicketPass"
+ " should be true");
I'll file a bug and fix it if you find it OK.
Thanks
Max
