JDK6 does not support two keytabs loaded at the same time. It was designed that way. You can merge the two into one and Java will pick keys by service names. Of course, if your two keytab files contain keys for the same service and they are different, this won't work.

JDK7 should support it. Just point to different keytab files in different entries of your JAAS config file. Something like:

server {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="server/host"
    useKeyTab=true
    keyTab=server.keytab
    storeKey=true;
};
backend {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="backend/host"
    useKeyTab=true
    keyTab=backend.keytab
    storeKey=true;
};

Thanks
Max

On 3/18/13 2:58 PM, Vipul Mehta wrote:
I want to use multiple keytabs within the same Kerberos server, so
instead of using a JAAS configuration file I wrote my own login
configuration. But it seems that Krb5LoginModule instances share the
same keytab file location. To use a different keytab we need to set
refreshKrb5Config to true in the login configuration class, which will
refresh the configuration for all the Krb5LoginModule instances. Why
doesn't Java 6 allow multiple keytab instances? There is some change in
the approach to how Java 7 handles keytabs (I am not able to get it), but
it looks like the problem exists in Java 7 as well.

--
Regards,
Vipul
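
An added example, not code from either poster: a programmatic login configuration equivalent to the two-entry JAAS file in the reply, which is the approach the original question describes. The class name `TwoKeytabConfig` and the `login` helper are hypothetical; per-entry keytabs assume JDK 7 as the reply states, and running it needs a reachable KDC plus both keytab files.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/** Hypothetical in-code equivalent of the "server" and "backend" JAAS entries. */
public class TwoKeytabConfig extends Configuration {
    private final Map<String, AppConfigurationEntry[]> entries = new HashMap<>();

    public TwoKeytabConfig() {
        // Entry names, principals and keytab paths mirror the JAAS file in the thread.
        add("server", "server/host", "server.keytab");
        add("backend", "backend/host", "backend.keytab");
    }

    private void add(String name, String principal, String keyTab) {
        Map<String, String> opts = new HashMap<>();
        opts.put("principal", principal);
        opts.put("useKeyTab", "true");
        opts.put("keyTab", keyTab);      // each entry carries its own keytab path
        opts.put("storeKey", "true");
        entries.put(name, new AppConfigurationEntry[] {
            new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                LoginModuleControlFlag.REQUIRED, opts)});
    }

    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        return entries.get(name);        // null tells JAAS there is no such entry
    }

    /** Logs in one entry with the supplied configuration instead of a JAAS file. */
    static Subject login(Configuration conf, String entry) throws LoginException {
        LoginContext lc = new LoginContext(entry, null, null, conf);
        lc.login();
        return lc.getSubject();
    }

    public static void main(String[] args) throws LoginException {
        Configuration conf = new TwoKeytabConfig();
        for (String entry : new String[] {"server", "backend"}) {
            System.out.println(entry + " -> " + login(conf, entry).getPrincipals());
        }
    }
}
```

Keeping one keytab per service identity, each readable only by the account that runs that service, limits what a single leaked file exposes.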
